The first things to consider when we want to change a people intensive process are:
• What do the people involved fear? These are the risks – things that we must prevent.
• What do people hope for? These are the opportunities – things that we must strive to obtain.
In order to better understand risks and opportunities, we used a two-step approach. We started by interviewing two developers and one manager. The interviews were semi-structured in that we had a set of questions that we needed answers to but in
addition, we used follow-up questions to gain a better understanding of the answers to the predefined questions. The focus of the interview was on what they expected would happen if the company implemented an ISO 9001 certified process. Two typical examples of what came out of the interviews are shown below – one from a developer and one from a manger.
Manager: Implementing ISO 9001 will cost quite a lot. At the same time, the company will get a better overview of its competence, its experience and its document templates. ISO certification is an investment. We are, however, unsure of how long we have to wait before we can reap the benefits.
Developer: Some of the developers may have a negative attitude towards ISO certification because they are afraid it will hurt creativity. This is not only true for ISO 9001 standards but holds also for coding standards and other rules and regulations. Rules
and standards can take away all the fun from the job. In many ways this is the same attitude as we saw when we started to reuse components – many developers were afraid that they would not be allowed to develop things but just had to use “toy bricks”.
After the interviews we found that:
A. Everybody in the company – both mangers and developers – filled in the questionnaire.
The items in the questionnaire that got an average score of 5.0 or more were considered for risk and opportunity analysis. This gave us the following items:
• When we get ISO certified, we will have to generate more documents for each development project.
• It is important that all employees participate actively in the introduction of new processes, standards and procedures. This is consistent with e.g. Trittmann et al’s observation
• Active management participation is important in order to make the introduction of an ISO certified process a success.
• Active management support is important in order to make the introduction of ISO certification a success.
• An ISO certified process will lead to better working practices in the company in general.
Based on our findings, we identified the following risks that needed to be controlled throughout the implementation of the ISO 9001 certified process:
Risk 1: The introduction of new documents or additions to existing documents.
We decided that we should not make new documents except if absolutely needed.
Risk 2: Developer participation. The developers must be included at all steps in
the process. Their experiences and advices are important input to the new processes and procedures.
Risk 3: Management participation and support. Management must show their commitment by allocating money and time to the ISO implementation activities.
Opportunity 1: Better working practices. The changes in the development process must be considered to be improvements by the developers.
Management and developers are in agreement in the sense that everything the developers found important also was ranked high by management. There were, however, some cases where the two groups disagreed strongly – average score difference greater than 2.0. In all cases, management ranked these items higher than the developers.
The points are:
• Introducing an ISO certified process will cost a lot but will be a good investment – developers 3.3 vs. mangers 6.0
• Introducing an ISO certified process will give the company a better control over the order situation – developers 3.0 vs. mangers 6.0
• Introducing an ISO certified process will give us more satisfied customers already after one year – developers 3.2 vs. mangers 6.0
Management is more optimistic than the developers when it comes to business related issues such as order situation and customer satisfaction.
1. Apply the concept of Plan Do Check Act (PDCA). This PDCA concept is applied at the Quality Management System and the process levels.
2. Convert the question to requirement raised by QMR or the QMS Committee which derived from theISO 9001 standards. In this case, several questions can lead to one single requirement.
3. To edit those questions to suit the process that is to be audited. For example, you are going to audit the Purchasing/Procurement Department and you’re sitting down with the Audit Team trying to come up with relevant questions.
The main objective in auditing any process is to extract adequate information and evidence in order to verify that the process is conformant to the ISO 9001 requirements and that, it is effective in achieving its objectives. As an auditor, you need to be able to investigate, assess and verify the conformity and effectiveness of a given process, in terms of its planning, implementation, monitoring & measurement and improvement. As a Lead Auditor, preparing your Audit Team for the actual audit is crucial in ensuring success of the audit excercise. There is no better way to do that than by developing the audit questions with them.
Electronic documents that establish management system policies and procedures can be in a variety of file formats depending on the software applications that are utilized by the organization to generate the documents. Electronic file formats include, Text, HTML, PDF, etc. Spreadsheets and databases formats are also considered to be electronic “documents” subject to the control elements of the management system to being audited.
Given the relative ease with which users can now create electronic spreadsheets and other electronic documents, auditors (either internal or external) should ensure that policies governing the controls that apply to management system documentation in-general are also employed for electronic documents through appropriate procedures.
Organizations need to employ suitable and effective methods within the electronic environment for ensuring the adequate review, approval, publication and distribution of its management system documentation. These should be consistent with the methods for the development and modification of electronic documents.
In many cases document control measures may also be standard features of software applications used for their creation. Therefore auditors should understand these application-specific controls to the degree that these are utilized as a basis for conformance to the applicable management system standard.
Given the increased capacity to modify, update, reformat and otherwise improve documents within an electronic-based management system, auditors should pay particular attention to control elements such as document identification and document revision level.
As electronic media facilitates an increased rate of document modifications, auditors should verify that the controls being employed for the management of obsolete documents are considered within the organizations’ document control policies and procedures.
Auditors should verify that electronic-based documentation exists to provide orientation to users with regard to the functional and control aspects associated with electronic documents. Additionally, “Point-of-use” requirements associated with the applicable management system standards will typically be addressed in part by the organization’s document access policies. Auditors should understand the organization’s policies and procedures regarding user privileges as these become important factors for properly realizing the organization’s processes.
External electronic communication with suppliers, customers and other interested parties may involve the exchange of documents. Given that these external documents may contain key parameters that specify the functioning of the organization’s processes, auditors should verify the degree to which these documents are formally introduced and controlled within the electronic-based management system.
Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8?700, mostly technical related standards on this basis. Standards Series such as ISO 9000, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.
ISO is a word derived from the Greek isos, meaning “equal”. ISO 9000 Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9000 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430?000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9000 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.
ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9000. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000?, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)
Electronic documents that establish management system policies and procedures can be in a variety of file formats depending on the software applications that are utilized by the organization to generate the documents. Electronic file formats include, Text, HTML, PDF, etc. Spreadsheets and databases formats are also considered to be electronic “documents” subject to the control elements of the management system to being audited.
Given the relative ease with which users can now create electronic spreadsheets and other electronic documents, auditors (either internal or external) should ensure that policies governing the controls that apply to management system documentation in-general are also employed for electronic documents through appropriate procedures.
Organizations need to employ suitable and effective methods within the electronic environment for ensuring the adequate review, approval, publication and distribution of its management system documentation. These should be consistent with the methods for the development and modification of electronic documents.
In many cases document control measures may also be standard features of software applications used for their creation. Therefore auditors should understand these application-specific controls to the degree that these are utilized as a basis for conformance to the applicable management system standard.
Given the increased capacity to modify, update, reformat and otherwise improve documents within an electronic-based management system, auditors should pay particular attention to control elements such as document identification and document revision level.
As electronic media facilitates an increased rate of document modifications, auditors should verify that the controls being employed for the management of obsolete documents are considered within the organizations’ document control policies and procedures.
Auditors should verify that electronic-based documentation exists to provide orientation to users with regard to the functional and control aspects associated with electronic documents. Additionally, “Point-of-use” requirements associated with the applicable management system standards will typically be addressed in part by the organization’s document access policies. Auditors should understand the organization’s policies and procedures regarding user privileges as these become important factors for properly realizing the organization’s processes.
External electronic communication with suppliers, customers and other interested parties may involve the exchange of documents. Given that these external documents may contain key parameters that specify the functioning of the organization’s processes, auditors should verify the degree to which these documents are formally introduced and controlled within the electronic-based management system.
There are a number of sources of information on the ISO 9000 quality management system standards, including
ISO’s web site (www.iso.org), which carry information on the standards. Your National Standards Body should be
able to provide copies of the standards, and registrars/certification bodies will be able to provide guidance on
registration arrangements.
Why are the standards being revised?
ISO’s formal review process:
- Requires continual review to keep standards up to date. Must be initiated within 3 years of publication of a standard.
User inputs from:
- A global user questionnaire/survey
- A market Justification Study
- Suggestions arising from the interpretation process
- Opportunities for increased compatibility with ISO 14001
- The need for greater clarity, ease of use, and improved translation
Current trends:
- Keeping up with recent developments in management system practices.
Who is responsible for revising the standards?
The revision process is the responsibility of ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC 2) and is conducted on the basis of consensus among quality and industry experts nominated by ISO Member bodies, and representing all interested parties.
When will the revised standards be available?
The revised quality management system standards (ISO 9000, 9001 and 9004) are scheduled as follows:
- ISO 9000:2005 already published – no major changes expected for 2009
- Current plan is for small changes to ISO 9001 (an “amendment”) to be published in November 2008.
- More significant changes are planned for ISO 9004 (a “revision”) to be published in mid 2009.
How much is the implementation of the new standard going to cost?
One of the goals of ISO/TC 176/SC 2 is to produce standards that will minimize any potential costs during a smooth implementation. Any additional costs may be considered as a value-adding investment. A key factor in the development of ISO 9001:2008 was to limit the impact of changes on users.
Will my organization have to re-write all its documentation?
No. ISO 9001:2008 doesn’t introduce major changes to the requirements, when compared to ISO 9001:2000. However, to benefit from the changes, we suggest you get acquainted with the new version of the standard and the clarifications introduced. If, during your analysis of the clarifications you find there are differences from your current interpretation of ISO 9001:2000, then you should analyse the impact on your current documentation and make the necessary arrangements to update it. It is intended that the amendment of ISO 9001 will have minimal or no impacts on documentation.
Will the revised standards address financial issues?
Financial issues are not addressed in ISO 9001:2008, which is a requirements standard. The ISO 10014:2006 and ISO 9004:2000, Guidelines for performance improvements standards will emphasize the financial resources needed for the implementation and improvement of a quality management system.
What are the benefits of the revised standards?
For ISO 9001:2008 the major benefits are:
- Simple to use
- Clear in language
- Readily translatable and easily understandable
- Compatibility with other management systems such as ISO 14001.
For ISO 9004:
- Facilitates improvement in users’ quality management systems.
- Provides guidance to an organization for the creation of a quality management system that:
- creates value for its customers, via the products it provides
- creates value for all other interested parties
- balances all interested-party viewpoints.
- Provides guidance for managers on leading their organization towards sustained success.
- Forward compatibility to allow organizations to build on existing quality management systems.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and changes that are intended to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008
What are the main benefits to be derived from implementing an ISO 9000 quality management system?
The ISO 9000 standards give organizations an opportunity to increase value to their activities and to improve their performance continually, by focusing on their major processes. The standards place great emphasis on making quality management systems closer to the processes of organizations and on continual improvement. As a result, they direct users to the achievement of business results, including the satisfaction of customers and other interested parties.
The management of an organization should be able to view the adoption of the quality management system standards as a profitable business investment, not just as a required certification issue.
Among the perceived benefits of using the standards are:
- The connection of quality management systems to organizational processes
- The encouragement of a natural progression towards improved organizational performance, via:
- the use of the Quality Management Principles
- the adoption of a “process approach”
- emphasis of the role of top management
- requirements for the establishment of measurable objectives at relevant functions and levels
- being orientated toward “continual improvement” and “customer satisfaction”, including the monitoring of information on “customer satisfaction” as a measure of system performance.
- measurement of the quality management system, processes, and product
- consideration of statutory and regulatory requirements.
- attention to resource availability
How will the implementation of the amended standard help my organization to improve its efficiency?
ISO 9001:2008 aims at guaranteeing the effectiveness (but not necessarily the efficiency) of the organization. For improved organizational efficiency, however, the best results can be obtained by using ISO 9004 in addition to ISO 9001:2008. The guiding quality management principles are intended to assist an organization in continual improvement, which should lead to efficiencies throughout the organization.
What benefits are there to an organization implementing ISO 9004 ?
If a quality management system is appropriately implemented, utilizing the eight Quality Management Principles, and in accordance with ISO 9004, all of an organization’s interested parties should benefit. For example:
Customers and users will benefit by receiving the products (see ISO 9000:2005, Fundamentals and vocabulary) that are:
- Conforming to the requirements
- Dependable and reliable
- Available when needed
- Maintainable
People in the organization will benefit by:
- Better working conditions
- Increased job satisfaction
- Improved health and safety
- Improved morale
- Improved stability of employment
Owners and investors will benefit by:
- Increased return on investment
- Improved operational results
- Increased market share
- Increased profits
Suppliers and partners will benefit by:
- Stability
- Growth
- Partnership and mutual understanding
Society will benefit by:
- Fulfilment of legal and regulatory requirements
- Improved health and safety
- Reduced environmental impact
- Increased security
Are the standards compatible with national quality award criteria?
The standards are based on 8 Quality Management Principles, which are aligned with the philosophy and objectives of most quality award programs. These principles are:
- Customer focus,
- Leadership,
- Involvement of people,
- Process approach,
- System approach to management,
- Continual improvement,
- Factual approach to decision making, and
- Mutually beneficial supplier relationships.
ISO 9004 recommends that organizations perform self-assessments as part of their management of systems and processes, and includes an annex giving guidance on this approach. This is similar to many quality awards programmes.
Why is the requirement for monitoring “customer satisfaction” included in ISO 9001?
“Customer satisfaction” is recognized as one of the driving criteria for any organization. In order to evaluate if a product meets customer needs and expectations, it is necessary to monitor the extent of customer satisfaction.
Improvements can be made by taking action to address any identified issues and concerns.
Can the standards improve “customer satisfaction”?
The quality management system details that are described in the standards are based on Quality Management Principles that include the “process approach” and “customer focus”. The adoption of these principles should provide customers with a higher level of confidence that products will meet their needs and increase their satisfaction.
What is meant by “continual improvement”?
Continual improvement is the process focused on continually increasing the effectiveness and/or efficiency of the organization to fulfil its policies and objectives. Continual improvement (where “continual” highlights that an improvement process requires progressive consolidation steps) responds to the growing needs and expectations of the customers and ensures a dynamic evolution of the quality management system.
What is a process?
Any activity or operation, which receives inputs and converts them to outputs, can be considered as a process. Almost all activities and operations involved in generating a product or providing a service are processes. For organizations to function, they have to define and manage numerous inter-linked processes. Often the output from one process will directly form the input into the next process. The systematic identification and management of the various processes employed within an organization, and particularly the interactions between such processes, may be referred to as the ‘process approach’ to management.
What is the “process approach”?
The “process approach” is a way of obtaining a desired result, by managing activities and related resources as a process. The “process approach” is a key element of the ISO 9000 standards. For further guidance, please refer to the ISO 9000 Introduction and Support Package module: Guidance on the Concept and Use of the Process Approach for management systems.
Can the “process approach” be applied to other management systems?
Yes. The “process approach” is a generic management principle, which can enhance an organization’s effectiveness and efficiency in achieving defined objectives.
How can the PDCA cycle be used in the “process approach”?
The PDCA cycle is an established, logical, method that can be used to improve a process.
This requires:
(P) planning (what to do and how to do it),
(D) executing the plan (do what was planned),
(C) checking the results (did things happened according to plan) and
(A) act to improve the process (how to improve next time).
The PDCA cycle can be applied within an individual process, or across a group of processes.
Can any organization apply the “process approach”?
Yes. Many organizations already apply a “process approach” without recognizing it. They could achieve additional benefits by understanding and controlling it.
Why should an organization apply the “process approach”?
By applying the “process approach” an organization should be able to obtain the following types of benefits:
- The integration and alignment of its processes to enable the achievement of its planned results.
- An ability to focus effort on process effectiveness and efficiency.
- An increase in the confidence of customers and other interested parties as to the consistent performance of the
organization.
- Transparency of operations within the organization.
- Lower costs and shorter cycle times through effective and efficient use of resources.
- Improved, consistent and predictable results.
- The identification of opportunities for focused and prioritized improvement initiatives.
- The encouragement and involvement of people, and the clarification of their responsibilities.
- The elimination of barriers between different functional units and the unification of their focus to the objectives
of the organization.
- Improved management of process interfaces.
What is meant by the “sequence” of processes and their “interactions”?
The “sequence” of processes shows how the processes follow, or link, to each other to result in a final output.
For example, the output from one process may become the input of the next process or processes.
The “interactions” show how each process affects or influences one or more of the other processes. For example,
the monitoring or controlling of a process may be established in a separate process.
How can the processes in an organization be determined?
Identify the organization’s intended outputs, and the processes needed for achieving them. These will need to
include processes for Management, Resources, Realization and Measurement and Improvement.
- Identify all process inputs and outputs, along with the suppliers and customers, who may be internal or
external.
- Identify the sequence and interactions of the processes.
Should an organization define and document all its processes?
The main purpose of documentation is to enable the consistent and stable operation of an organization’s
processes.
Although statutory, standards’ or customer requirements may require certain documentation, there is no defined
“catalogue”, or list of processes that has to be documented in ISO 9001, apart from the 6 indicated ones.
The organization should determine which processes are to be documented on the basis of:
- The size of the organization and type of its activities,
- The complexity of its processes and their interactions,
- The criticality of the processes and
- Availability of competent personnel.
A number of different methods can be used to document processes, such as graphical representations, written
instructions, checklists, flow charts, visual media, or electronic methods.
How much detail is required in process documentation?
The extent of detail is likely to depend upon factors such as:
- the size of an organisation and its types of activities,
- the complexity of its processes and their interactions, and
- the competence (level of education, training, skills and experience) of its personnel.
What is the difference between a “process” and a “procedure”?
A “process” may be explained as a set of interacting or interrelated activities, which are employed to add value. A
“procedure” is a method of describing the way or How in which all or part of that process activities shall/should be
performed.
ISO 9000:2005 defines a procedure as a “specified way to carry out an activity or a process”, which does not
necessarily have to be documented.
An organization has a well-established set of procedures. Can these procedures be used to help
describe its processes?
Yes, if the procedures describe inputs and outputs, appropriate responsibilities, controls and resources needed to satisfy customer requirements.
What documentation is required by ISO 9001?
ISO 9001:2008 refers specifically to only 6 documented procedures; however, other documentation (including more documented procedures not specifically mentioned in ISO 9001:2008) may be required by an organization, in order to manage the processes that are necessary for the effective operation of the quality management system. This will vary depending on the size of the organization, the kind of activities in which it is involved and their complexity. For further guidance, please also refer to the ISO 9000 Introduction and Support Package module “Guidance on the Documentation Requirements of ISO 9001:2008″
What does an organization need to do to comply with ISO 9001?
When initially starting to use ISO 9001, an organization should familiarize its personnel with the Quality Management Principles, analyze the standards (especially ISO 9000 and ISO 9004), and consider how their guidance and requirements may affect your activities and related processes. If it then wishes to proceed to registration/certification, it should perform a gap analysis against the requirements of ISO 9001 to determine where its current quality management system does not address the applicable ISO 9001:2008 requirements, before developing and implementing additional processes to ensure that compliance will be achieved.
ISO 9001:2008 will supersede ISO 9001:2000 However, noting the IAF/ISO-CASCO/ISO TC176 agreement that accredited certification to the 2000 edition should remain possible for up to 2 years after the publication of ISO 9001:2008, copies of the 2000 edition will still be available on request from ISO and the national standards bodies during that period, and possibly for even longer.
Can organizations remain certified/registered to the 2000 version?
Yes. Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008. However, certificates to ISO 9001:2000 will only remain valid until 2 years after the publication of ISO 9001:2008. Contact your certification/registration body to get details on the certificates transition process.
What will happen to the other standards and documents in the current (2000) ISO 9000 family?
The four primary standards of the current ISO 9000 family are the following:
- ISO 9000:2005 already published – no major changes expected for 2009
- ISO 9001:2000 to be superseded by ISO 9001:2008
- More significant changes are planned for ISO 9004 with a planned publication date of late 2009.
- ISO 19011:2002 is currently beginning the revision process, with a new version expected in 2011.
The other standards and documents will be reviewed and updated as necessary
1. Apply the concept of Plan Do Check Act (PDCA). This PDCA concept is applied at the Quality Management System and the process levels.
2. Convert the question to requirement raised by QMR or the QMS Committee which derived from the ISO 9001 standards. In this case, several questions can lead to one single requirement.
3. To edit those questions to suit the process that is to be audited. For example, you are going to audit the Purchasing/Procurement Department and you’re sitting down with the Audit Team trying to come up with relevant questions.
The main objective in auditing any process is to extract adequate information and evidence in order to verify that the process is conformant to the ISO 9001 requirements and that, it is effective in achieving its objectives. As an auditor, you need to be able to investigate, assess and verify the conformity and effectiveness of a given process, in terms of its planning, implementation, monitoring & measurement and improvement. As a Lead Auditor, preparing your Audit Team for the actual audit is crucial in ensuring success of the audit excercise. There is no better way to do that than by developing the audit questions with them.
When an organization chooses not to pursue ISO 9001 certification or not to retain the ISO 9001 certificate, it should make no difference to the way the organization is managed. It’s similar to the man who chooses not to take the course examination. He still has the knowledge he has acquired whether or not he takes the exam and gets a certificate. What he cannot do is demonstrate to others that he has reached a certain level of education without having to prove it every time. People who know him don’t care that he didn’t take the exam. It is only those who don’t know him that he will have difficulty convincing.
While each implementation is dependent on the company, the industry, customers, etc., here’s a good starting point:
1.) Identify what your customer expects of your company. Consider both sales and after-sales aspects, from the customer’s point of view.
2.) Develop a philosophy (Quality Policy) that addresses (1). This means clause 5.3.
3.) Identify your processes, keeping in mind the importance of each as compared to (1) above. This means clause 4.1.
4.) Identify your management structure, being sure it supports and does not conflict with (1), (2) or (3). This means the rest of Clause 5 in the standard.
5.) Figure out resource issues. This means all of Clause 6.
7.) From there, work on clauses 7 & 8. This part is particularly hard to define as a generic plan, because how it is done is unique to each company, and the results of (1) through (6) above.
Tips:
(a) Keep documentation to the absolute minimum.
(b) Put “required procedures” and process maps in your Quality Manual, instead of subordinate documents. This makes the QM useful, instead of just a throwaway restatement of the standard. Limits documentation overall.
(c) Spend a lot of time on process identification and definition, so that you understand them and can manage them
(d) Develop an internal audit program (process!) that reflects your company needs, not a checklist method used by registrars
1. Analyze your businesses’ core process(es) for converting customer needs into cash at a high level to show the sequence and interaction of the key processes within the core process (one page).
2. Identify (and assign a code) each of the key processes within your system (as-is) and the new ones necessary for the system to be used to add value faster and prevent loss sooner (the chosen system standard is very helpful for listing the missing processes). Expect 20 to 50 key processes.
3. Analyze each of the key processes by working with the process owner to determine each processes’ objective, team, inputs, value-adding steps (tasks, meetings, decisions), outputs; then link the procedure to the other controls and process with which it interacts (one page each).
4. Leaders explain their policy, the obligations of the system (already 85% or so implemented) and its benefits.
5. Train process teams in any new processes so they are working effectively from day one.
6. Describe the system and how it works, the policy and objectives in a less than 10 page manual.
7. Launch the system and invite lots of suggested improvements.
8. Gather and analyze data to become information for use by decision makers to improve products, processes and the system.
9. Audit the performance of the system independently of any other process control to provide impartial information on how well the system is helping employees to do their jobs.
10. Use and improve the system, its processes and your products so your organization adds value faster and prevent loss sooner.