ISO 9001 Standard / ISO 9001 Standards – ISO 9000 Standard / ISO 9000 Standards Certification & Implementation

The implementation of an ISO 9001 conformance system must recognize that it is but a step in a long-term development of a continually improving QMS. Unfortunately, it is often the case that ISO 9001 is taken as a means to an end, where the implementation of a QMS is not the primary objective, rather certification is. As a result, SMEs may end up with stacks of documentation waiting to be processed that adds no value, but cost.
According to the requirements of ISO 9001, an organization must develop only six documented procedures: (1) control of documents, (2) control of quality records, (3) ISO 9001 Internal Audits, (4) control of non-conformities in ISO 9001 Standard, (5) ISO 9001 Standard Corrective Action, and (6) preventative action. A quality manual and several records are also required. The development of other ISO 9001 Standard Procedures, ISO 9001 Standard Work Instructions, and other ISO 9001 Standard documents is largely at the discretion of the organization. From the very beginning of the process, it is therefore essential that SMEs establish a balanced view between a short-term focus (marketing/sales) and a long-term focus (achieving company-wide quality awareness through TQM). ISO 9001 documentation should be considered as an enabler along that way and SMEs must guard against the creation of unnecessary documentation.

However, even when such a view is adopted, many SMEs struggle to move from their initial state to a fully functional ISO 9001 QMS. Over the last several years, we have been involved in ISO 9001 implementation projects in seven different SMEs. The SMEs have ranged in size from approximately 20 employees to 500 employees. The SMEs have been drawn from a variety of sectors in Virginia, including manufacturing, distribution, and services. Based on our experience, we developed a schematic of initial states of an organization in terms of the existence and functionality the ISO 9001 standard documentation required by the standard while functionality is equated with an effectively operated QMS that leads to increased customer satisfaction and continuous improvement of business results. A successful QMS must be fully functional and appropriately documented. With that in mind, there are four main states in which SMEs can be located in the beginning of the implementation process.

Visit http://www.iso9001store.com for more information on ISO 9001 Standard

ISO 9001 Standard Youtube video at http://www.youtube.com/watch?v=EsF8_iAeVIA

When an organization chooses not to pursue ISO 9001 certification or not to retain the ISO 9001 certificate, it should make no difference to the way the organization is managed. Its similar to the man who chooses not to take the
course examination. He still has the knowledge he has acquired whether or not he takes the exam and gets a certificate. What he cannot do is demonstrate to others that he has reached a certain level of education without having to prove it every time. People who know him dont care that he didnt take the exam. It is only those who dont know him that he will have difficulty convincing.

Many organizations were driven to seek ISO 9001 certification by pressure from customers rather than as an incentive to improve business performance and therefore sought the quickest route to certification. The critics called this
coercion and like most command and control strategies, believed it resulted in managers cheating just to get the badge. What was out of character was that suppliers that were well known to customers were made to jump through this
hoop in order to get a tick in a box in a list of approved suppliers. It became a necessary evil to do business. Certainly when perceived as a means to get a badge, the standard was no more than a marketing tool. It could have been
used as a framework for improvement but the way it was imposed on organizations generated fear brought about by ignorant customers who mistakenly believed that imposing ISO 9001 would improve quality. To achieve anything in our society we inevitably have to impose rules and regulations what the critics regard as command and control but unfortunately, any progress we make masks the disadvantages of this strategy and because we only do what we are required to do, few people learn. When people make errors more rules are imposed until we are put in a straightjacket and productivity plummets. There is a need for regulations to keep sharks out of the bathing area, but if the regulations prevent bathing we defeat the objective, as did many of the customers that imposed ISO 9001.

ISO 9001 includes the following standards:
•ISO 9001:2008 Quality management systems Requirements is intended for use in any organization regardless of size, type or product (including service). It provides a number of requirements which an organization needs to fulfill to achieve customer satisfaction through consistent products and services which meet customer expectations. It includes a requirement for continual (i.e. planned) improvement of the Quality Management System, for which ISO 9004:2000 provides many hints.
This is the only implementation for which third-party auditors can grant certification. It should be noted that certification is not described as any of the ‘needs’ of an organization as a driver for using ISO 9001 (see ISO 9001:2000 section 1 ‘Scope’) but does recognize that it may be used for such a purpose (see ISO 9001:2000 section 0.1 ‘Introduction’).
•ISO 9004:2000 Quality management systems – Guidelines for performance improvements covers continual improvement. This gives you advice on what you could do to enhance a mature system. This document very specifically states that it is not intended as a guide to implementation.
There are many more standards in the ISO 9001, many of them not even carrying “ISO 900x” numbers. For example, some standards in the 10,000 range are considered part of the 9000 group: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system. ISO notes: “The emphasis on certification tends to overshadow the fact that there is an entire family of ISO 9000 standards … Organizations stand to obtain the greatest value when the standards in the new core series are used in an integrated manner, both with each other and with the other standards making up the ISO 9000 family as a whole”.
Note that the previous members of the ISO 9000 series 9002 and 9003 have been integrated into 9001. In most cases, an organization claiming to be “ISO 9000 registered” is referring to ISO 9001.

The Implementation Steps Of ISO 9001 Standard Certification

ISO 9001 implementation steps, and prerequisites for a successful ISO certification success of ISO 9001 quality management system depends on the entire implementation was carried out.  The implementation steps for ISO 9001 Standards are as below:

(1) with a well-defined awareness training program started. You have to separate awareness training programs for top management, middle management and lower management. You need to the quality management, ISO 9001requirements and how quality management is to discuss making a difference in your organization. You can hire an outside consultant / trainer for the confidence in a professional manner.

(2) The next step is to perform a gap analysis. Gap analysis is a detailed and complete study of the current business processes of your organization vs. the request of the ISO 9001 standard. This is the most important and crucial stage during the entire ISO 9001 implementation process. Whether you are a manufacturer or a service organization, you need to benchmark your current business processes with ISO 9001 requirements. Results of the gap analysis study was created generating a gap analysis, you need to be circulated to all process owners and department heads. It is always advisable that you appoint a reputable and experienced consultants to carry out gap analysis of your company as an external consultant as a management consultant.

(3) gap analysis, you must complete workshop for the derivation of quality policy and quality objectives as process. These tasks will be the driving force behind the organization to improve performance and measurement.

(4) Based on the gap analysis and process as quality goals, you need to develop various documents such as quality manual, functional Procedures (SOP), formats, instructions, systems and checklists .

(5) is being developed by the Documentation, Procedures should owners officially approved and issued by a board representative. You need to training for the employees of your organization have to provide documents and it’s effective implementation.

(6) Process owners are required together with department heads and representatives of management to monitor effective implementation of the ISO 9001 system of organization and their processes / departments. Type help / assistance to users on the new system and ISO 9001 requirement if necessary to facilitate the proper implementation of ISO 9001 in the organization.

(7) Choose to be a team of employees trained as internal auditors. Talk to your consultant or trainer for the implementation of a comprehensive quality internal auditor training. This training allows your employees Auditing skills to understand process-oriented approach to the implementation of audit according to ISO 9001 clauses and requirements.

(8) Plan an internal audit and ensure that ISO 9001 internal audit is carried out according to schedule. If you wish, to facilitate wire in an external consultant will first round of internal audit. MR and auditors should ensure coordination with the auditee that the non-conformities are found during the audit is closed and the corrective measures are effective in nature.

(9) to discuss organizing management review meeting several points such as quality and objectives of the audit results, supplier performance, customer complaints and their redressal, customer feedback, and it is analysis, customer requests and their status, education, and it is the effectiveness, change in process or QMS, etc. Agenda and minutes of MRM is to be worked out with an action plan.

(10) Select a CA depending on your budget and your specific requirements. They have a practical experience of your advisor in selecting the most appropriate certification body.

(11) It is advisable to do a pre-assessment test before the final certification audit. Under the supervision of the results of the preliminary examination of the final exam schedule and communicate to everyone in the organization.

(12) Get out of the final certification audit and ensure that you close all non-matches (if any) in the stipulated time.

(13) you get a recommendation for ISO 9001 quality management system and you will receive a certificate as an ISO 9001 certified company

In order to meet the ISO 9001 Quality Standards, the business organization need to fulfill the following:

Standardizing Quality Systems

The ISO, or International Organization for Standardization, was established in 1947 to develop international standards for everything from electronics to management systems. Having over 13,000 standards currently in place, ISO has created the auditing and certification process known as ISO 9001. This began the drive toward quality standards.

Improving Customer Satisfaction

Companies choose to implement ISO 9001 and get certified because many customers and industries require it. By keeping customers happy, they can increase sales and profitability for their business. And if an area of the company’s program appears to be too bureaucratic and non-value-adding, then it might also be an area for continuous improvement efforts.

Enhancing Company Performance

Both customers and industries alike use ISO certification as a way to evaluate and audit their suppliers and products. Through an independent verification process, customers can gain assurance of their suppliers’ products. And as a supplier becomes certified, the testing requirement is waved, which saves the company both time and money.

Developing Best Practices

Employed as a “Best Practices” model, ISO 9001 utilizes the philosophy of the “Plan-Do-Check-Act” continuous improvement cycle to achieve requirements. This process approach centers around eight quality management principles used by management as a guide toward improving performance and identifying the main elements needed in a good quality system:

1. Customer Focus
2. Leadership
3. Involvement of People
4. Process Approach
5. Systems Approach to Management
6. Continuous improvement
7. Factual Approach to Decision-Making
8. Mutually Beneficial Supplier Relationship

Building Stable Processes

ISO 9001 policies, procedures and forms can provide employers, managers and employees with a systematic and consistent approach to implementing policies, plans, procedures and work routines. Instead of building their own policies and procedures from scratch, some companies prefer to hire professional writers that have already prepared a set of written policies and procedures to help on the way to certification.

Auditing a Company System

In the certification process, an independent registrar will perform an on-site audit of a company’s operations to verify that it complies with the ISO standard. If the business complies, then that company will be registered as ISO 9001 compliant.

Meeting Company and Customer Needs

On the way to certification, a business can meet its ISO needs by:

• Using well-defined processes and procedures to build stable processes
• Training in the audit and certification process
• Continuously improving with ISO 9001 standards

Noticing the Difference

With complete procedures manuals for ISO 9001 Quality Management System, required HR procedures, and an ISO training class, a template like an ISO 9001 Quality Manager Procedures Manual Series can help a business on its way to ISO 9001 certification. Sometimes the effort can be very great, but companies typically notice a remarkable difference in efficiency and effectiveness after the first year.

This is a summary of the ISO 9001:2008 Standard Requirements – i.e. the items spelled out in the ISO 9001 document. Your Quality Management System must address each of these requirements.

Section 1: Scope Talks about the standard and how it applies to organizations and:

• the importance of a process approach
• you need to include regulatory requirements of your products & services
• you need to have processes in place for continual improvement.

Section 2: Normative Reference

• References ISO 9000:2005 which should be used along with the standard. It outlines the
  Quality Management Systems-Fundamentals and Vocabulary

Section 3: Terms and Definitions

• Gives definitions used in the standard

Section 4: General Requirements Gives requirements for the overall Quality Management System

• Documentation Requirements, including:
  • Quality Manual with Scope of the QMS
  • Required Procedures
  • Required Forms & Records
  • Control of Documents
  • Control of Forms

Section 5: Management Responsibility Gives requirements for Management’s role in the QMS

• Management Responsibility
• Quality Policy & Objectives
• Customer Focus & Customer Satisfaction
• Management Review

Section 6: Resource Management Gives requirements for resources including:

• Personnel & Training
• Resource Management

Section 7: Product Realization Gives requirements for:

• the production of the product or service
• Planning
• customer related processes and Customer Feedback
• Design
• Purchasing
• Process control
• Identification and Traceability
• Customer Property

Section 8: Measurement, Analysis and Improvement

• Gives requirements on monitoring processes and improving those processes
• Customer Satisfaction
• Internal Audits
• Control of Non-Conforming Product
• Corrective and Preventive Action

Continual Improvement

• This is a critical piece of ISO 9001.
• Measure/monitor your QMS
• Find Root Cause of Problems

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function andthe ISO 9001 standard. This standard offers a wide range of advice on how todeal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to addressrequirements found in the International Standard, ISO 9001. From a managementperspective, the principles and practices of CM represent an accepted andunderstood foundation for implementing ISO-compliant processes in softwareengineering organizations. In addition, the growing number of tools forautomating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.

While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute ofElectrical and Electronics Engineers (IEEE), The International Organisation forStandardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990,Software Configuration Management Plans.

[Numbers in brackets are added]

“SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3]status accounting, and [4] configuration audits and reviews.”

IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraphcontaining the reference appears in parentheses):

• Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)
• Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
• Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)
• Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:

“Software configuration management is an umbrella activity … developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest.”

In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:

“Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.

“The [CM] system should

“a) identify uniquely the versions of each software item;

“b) identify the versions of each software item which together constitute a specific version of a complete product;

“c) identity the build status of software products in development or delivered and installed;

“d) control simultaneous updating of a given software item by more than one person;

“e) provide coordination for the updating of multiple products in one or more locations as required;

“f) identify and track all actions and changes resulting from a change request, from initiation … to release.”

Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:

“The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:

“Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form

“Control: controlling the release of product and changes to it throughout the life cycle …

“Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product

“Audit and review: validating the completeness of a product and maintaining consistency among the components …

“[The IEEE] definition of CM … needs to be broadened to encompass … :

“Manufacturing: managing the construction and building of the product

“Process management: ensuring the correct execution of the organization’s procedures, policies, and life-cycle model

“Team work: controlling the work and interactions between multiple developers on a product.”

In 1987, the International Organisation for Standardisation in Geneva Switzerland published ISO 9001, Quality Systems – Model for quality assurance in design / development, production, installation, and servicing.

ISO 9001 is the most comprehensive model in the ISO 9000 series of standards. It describes a minimum set of activities found in companies and organizations that consistently produce products that satisfy customer requirements. The policies, procedures, standards, records, and associated business activities are the quality system. While ISO 9001 is written to describe any company providing any product or service, it tends to employ manufacturing terminology, which must be interpreted for non-manufacturing environments, including service and software providers.

To ensure a uniform interpretation of ISO 9001 for software engineering organizations, ISO published ISO 9000-3, Guidelines for the Application of ISO 9001 to the development, supply and maintenance of software.

The key issues ISO 9000-3 addresses are those:

• Product exists earlier in software (during design and development)
• Software product can be proliferated easily

Focusing on these issues mirrors the guidance in Clause 7.4 of ISO 9000-1:1994:

The process of development, supply, and maintenance of software is different from that of most other types of industrial products in that there is no distinct manufacturing phase. Software does not “wear out” and, consequently, quality activities during the design phase are of paramount importance to the final quality of the product.

Note that ISO 9000-1 and ISO 9000-3 provides guidance. ISO 9001 is the only source of the requirements against which compliance in software engineering practices is assessed.

ISO 9001 and Configuration Management

Tracing the relationship between ISO 9001′s requirements and CM practices begins with an examination of the guidance in ISO 9000-3.

ISO 9000-3 and configuration management

ISO 9000-3 contains two appendices, Annex A and Annex B, that provide cross-references between ISO 9001 and ISO 9000-3. According to Annex A, five sections of ISO 9001 correlate to ISO 9000-3, Paragraph 6.1, Configuration Management:

• 4.4 Design control
• 4.5 Document data control
• 4.8 Product identification and traceability
• 4.12 Inspection and test status
• 4.13 Control of nonconforming product

Each of these sections of ISO 9001 contains a portion of the traditional CM process.

4.4 Design control addresses all of the steps in the software development life cycle: planning, specification, design, coding, testing

Section 4.4 requires that design inputs and outputs be documented, reviewed, verified, controlled, approved, and modified according todocumented procedures. Design inputs and outputs include plans(project life cycle definition), specifications, prototypes, requirementsdocuments, progress reports, review results, test plans, test cases/scripts, development tools, code, and test reports.

ISO 9001 4.4.9 Design changes, in conjunction with ISO 9001 4.14.2 Corrective action, and 4.13 Control ofnonconforming product, requires that each change be traceable to an appropriate source and approval.

For software product there should be a clear path between a change request spawned by a fault report or enhancement request and a change ina specific product component to correct the fault or to implement the enhancement.

An interested party should be able to pick up the path at any point and follow it forward to the released change and backward to the changerequest or to the fault report.

4.5 Document and data control addresses the identification, protection, approval, and availability of current issues of allpertinent product- and project-related documents, including designs, specifications, plans, and schedules.

Because a fundamental function of CM is making current configuration items available, the CM practices and tools can be applied to thecontrol of product- and process-related documentation and data.

4.8 Product identification and traceability requires that each version of a configuration item be identified by some appropriate means.

4.12 Inspection and Test Status requires procedures to identify what verification steps and tests have been completed and what resultshave been achieved by the product or product components at each phase in the defined development life cycle.

4.13 Control of Nonconforming Product requires procedures to ensure that untested, defective, or incorrect versions (e.g., down level) ofthe product are not inadvertently used. This paragraph of ISO 9001also requires a procedure to determine the disposition of nonconforming product at all stages.

For software, the bulk of the activity related to non-conforming product is in the correction of faults identified during allphases of development (e.g., during requirements definition, prototyping,integration testing, and beta testing) and after the product has been released (e.g., customer reported faults).