ISO 9001 Standard / ISO 9001 Standards – ISO 9000 Standard / ISO 9000 Standards Certification & Implementation

Records required by ISO 9001:2008

Clause Record required
5.6.1 Management reviews
6.2.2 e) Education, training, skills and experience
7.1 d) Evidence that the realization processes and resulting product fulfil requirements
7.2.2 Results of the review of requirements related to the product and actions arising from the review
7.3.2 Design and development inputs relating to product requirements
7.3.4 Results of design and development reviews and any necessary actions
7.3.5 Results of design and development verification and any necessary actions
7.3.6 Results of design and development validation and any necessary actions
7.3.7 Results of the review of design and development changes and any necessary actions
7.4.1 Results of supplier evaluations and any necessary actions arising from the evaluations
7.5.2 d) As required by the organization to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement
7.5.3 The unique identification of the product, where traceability is a requirement
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use
7.6 a) Basis used for calibration or verification of measuring equipment where no international or national measurement standards exist
7.6 Validity of the previous measuring results when the measuring equipment is found not to conform to requirements
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results and follow-up actions
8.2.4 Indication of the person(s) authorizing release of product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
8.5.2 e) Results of corrective action
8.5.3 d) Results of preventive action

Demonstrating conformity with ISO 9001:2008

For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines  “objective evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4

Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

This Implementation Guidance has been developed to assist users in understanding the issues that need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.

While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited impact on users, some arrangements regarding implementation are needed.

Note: To reflect the limited scope of the changes the term “implementation” is now being used to make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when there were significant changes throughout the standard.

A wide diffusion of this implementation guidance is recommended, in particular the comparison table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.

ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.

Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008 No new requirements were introduced in this edition but, in order to benefit from the clarifications of ISO 9001:2008, users of the former version will need to take into consideration whether the clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as changes may be necessary to their QMS In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.

Prior to the commencement of a revision (or amendment) to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a “Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:

- the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004

- feedback from the ISO/TC 176/Working Group on “Interpretations”

- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.

The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:

1) No changes with high impact would be incorporated into the standard;

2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;

3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:

- No changes or minimum changes on user documents, including records

- No changes or minimum changes to existing processes of the organization

- No additional training required or minimal training required

- No effects on current certifications

The benefits identified for the ISO 9001:2008 edition fall into the following categories:

- Provides clarity

- Increases compatibility with ISO 14001.

- Maintains consistency with ISO 9000 family of standards.

- Improves translatability.

Guidance on Clause 4.2 of ISO 9001:2008

The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.

a) Documented statements of a quality policy and objectives:

Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.

Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).

Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.

b) Quality Manual:

Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS

A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.

Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.

The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.

c) Documented procedures:

ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:

4.2.3 Control of documents

4.2.4 Control of records

8.2.2 Internal audit

8.3 Control of nonconforming product

8.5.2 Corrective action

8.5.3 Preventive action

These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3 Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.

Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.

Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.

d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:

In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:

- Quality policy (clause 4.2.1.a)

- Quality objectives (clause 4.2.1.a)

- Quality manual (clause 4.2.1.b)

There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples

may include:

- Process maps, process flow charts and/or process descriptions

- Organization charts

- Specifications

- Work and/or test instructions

- Documents containing internal communications

- Production schedules

- Approved supplier lists

- Test and inspection plans

- Quality plans

All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable

e) Records:

Examples of records specifically required by ISO 9001:2008 are presented in Annex B.

Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.

Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

Demonstrating conformity with ISO 9001:2008

For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.

Update on ISO 9001:2008

Following a recent meeting of ISO’s Technical Committee TC176 in Helsinki, Finland, from June

11 – 15t, 2007, publication of the new version of ISO 9001 has been brought forward from 2009

and is now scheduled to be published in October 2008. Experts representing over 70 ISO member

bodies, met to discuss the comments received during circulation of the Committee Draft (“CD”) of

the new standard, and concluded that in view of the very limited changes being proposed, the draft

is now sufficiently mature to progress directly to the DIS (Draft International Standard).

The main changes being introduced into the new standard are as follows:

Clause 0.2 (Process approach)

Text added to emphasize the importance of processes being capable of achieving desired outputs

Clause 1.1 (Scope)

Clarification that “product” also includes intermediate product

Explanation regarding statutory, regulatory and legal requirements

Clause 4.1 (General requirements)

Notes added to explain more about outsourcing

Types of control that may be applied to outsourced processes

Relationship to clause 7.4 (Purchasing)

Clarification that outsourced processes are still responsibility of the organization and must be

included in the quality management system

Clause 4.2.1 (Documentation)

Clarification that QMS documentation also includes records

Documents required by the standard may be combined

ISO 9001 requirements may be covered by more than one documented procedure

Clause 4.2.3 (Document control)

Clarification that only external documents relevant to the QMS need to be controlled

Clause 4.2.4 (Records control)

Editorial changes only (better alignment with ISO 14001)

Clause 5.5.2 (Management rep)

Clarifies that this must be a member of the organization’s own management

Clause 6.2.1 (Human resources)

Clarification that competence requirements are relevant for any personnel who are involved in the

operation of the quality management system

Clause 6.3 (Infrastructure)

Includes information systems as example

Clause 6.4 (Work environment)

Clarifies that this includes conditions under which work is performed and includes, for example

physical, environmental and other factors such as noise, temperature, humidity, lighting, or weather

Clause 7.2.1 (Customer related processes)

Clarifies that post-delivery activities may include:

- Actions under warranty provisions

- Contractual obligations such as maintenance services

- Supplementary services such as recycling or final disposal

Clause 7.3.1 (Design & development planning)

Clarifies that design and development review, verification and validation have distinct purposes

These may be conducted and recorded separately or in any combination as suitable for the product

and the organization

Clause 7.3.3(Design & development outputs)

Clarifies that information needed for production and service provision includes preservation of the product

Clause 7.5.4 (Customer property)

Explains that both intellectual property and personal data should be considered as customer property

Clause 7.6 (Now retitled Control of Monitoring and Measuring equipment)

Explanatory notes added regarding the use of computer software: “Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.”

Clause 8.2.1 (Customer satisfaction)

Note added to explain that monitoring of customer perception may include input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, and dealer reports

Clause 8.2.3 (Monitoring / Measurement of process)

Note added to clarify that when deciding on appropriate methods, the organization should consider impact on the conformity to product requirements and on the effectiveness of the quality management system.

The standard is based around the principles of customer satisfaction, continual improvement and the development of a process based quality management system. Although not referenced in the standard itself the ISO 9001:2008 document is underpinned by eight key quality management principles;

• a customer focused organisation
• leadership
• the involvement of people
• ensuring a process approach
• a systematic approach to management
• a factual approach to decision making
• mutually beneficial supplier relations
• continuous improvement

ISO 9001:2008 has been written to ensure that its guiding principles are equally relevant to all sectors of industry and to all types of organisation. Although containing requirements to control the key processes within an organisation, it only requires six documented procedures. The standard emphasises the need for an organisation to continually monitor their own processes and systems, with many clauses making reference to self monitoring or measurement or both. This emphasis aims for an integrated approach to business processes. Instead of operating to a business plan on one hand and a quality management system on the other, the standard aims to integrate both of these functions into one system.

What is a quality management system?
ISO 9001:2008 is a standard that specifies criteria for a quality management system (QMS). A QMS incorporates those elements of an organisations management system that direct and control it with regard to quality. Such a system will need to be supported by top management who will need to be able to demonstrate management commitment.

How do you demonstrate management commitment?
Management commitment is one of the cornerstones of ISO 9001:2008, requiring top management to develop and improve the QMS throughout the organisation. This commitment can be demonstrated by a number of methods including creating a quality policy, conducting management reviews and establishing quality objectives.

What is a quality policy?
ISO 9001:2008 specifies that an organisation must have a quality policy that documents the organisations overall intentions and direction related to quality as formally expressed by top management. Such a policy will include a commitment to comply with ISO 9001:2008, to continuously improve the QMS and to set and monitor measurable quality objectives.

What are quality objectives?
The quality objectives are those targets sought or aimed for by the organisation that are related to quality. These quality objectives must be SMART (suitable, measurable, achievable, reviewed and timely). Examples of quality objectives might be; to reduce machine down time by 20% or to reduce rework costs by ?00 p/m. Whatever quality objectives are chosen they must be meaningful and adequately resourced by the organisation.

What is a management review?
A management review is a key element of how the top management of an organisation can assess its performance in terms of the objectives it sets itself, the requirements set by the standard and how its systems are operating. Normally, a management review is a regular meeting of the top management team and uses the information that the organisation? systems have derived. It is a useful forum to review and revise quality objectives.

What are internal audits and why do I need to carry them out?
Internal audit is one of the key monitoring processes required by the standard and functions as a check on the organisation? systems. It is the opportunity for an organisation to determine compliance to the systems it has established and maintained to meet the needs of its customers and identify opportunities for improvement. Internal audit can be seen as a ealth check?for an organisation.

The ore?of ISO 9001:2008, Product realisation
Clause 7 of ISO 9001:2008 contains the core processes that most organisations carry out. Any clause or sub-clause in section 7 can be excluded from an organisations quality management system if it can be justifiably excluded. Examples of common exclusions are clause 7.3 design and development, clause 7.5.3 traceability and clause 7.6 the control of monitoring and measuring devices. Clauses can only be excluded if their exclusion does not affect the company? ability to provide a product or service that meets customer requirements.

These core processes should be managed and controlled via the quality management system, and are evaluated for effectiveness and suitability by the internal audits with feed back into the management review.

This is a clear demonstration of one of the key principles of ISO 9001:2008, continuous improvement by critical self-evaluation. The output from the self-evaluation is fed into a planning stage to determine actions needed to improve the system. Following the planning and consultation comes the action phase where the proposed changes are implemented. Then the cycle starts again by checking that the changes are effective and meaningful by self-evaluation.

Other requirements of section 7 are;
Product planning to ascertain and then implement the necessary controls and resources to ensure product realisation.

Purchasing control to verify purchased product against comprehensive purchasing information and the selection and evaluation of suppliers.

Production and service provision to ensure that this activity is carried out in controlled conditions and that any processes that cannot be verified during production are validated to ensure capability. Where appropriate the product must be identified, and if required, traceable at all stages of production. Any customer property must be identified and protected from harm and all products must be stored and handled in such a way to preserve product conformity.

Any monitoring and measuring devices needed to provide evidence of product conformity must be identified and if necessary calibrated.

But what about the customer?
All of the clauses in ISO 9001:2008 are in some way focused towards meeting and exceeding the customer? expectations. For example the requirement of management to determine and communicate the importance of customer requirements throughout the organisation, and the review of customer orders to ensure that they can be met. Companies are required to implement methods for effective communication with the client at all stages of the business including ascertaining customer satisfaction after the product or service has been delivered as well as resolving customer complaints.

Finally?
ISO 9001:2008 is widely acclaimed as being the pre-eminent specification for quality management systems, it requires a company to look at itself and ask the question, ‘how can we improve?’ An ISO 9001:2008 management system should be an essential part of any business process, requiring continual improvement by self-evaluation with a goal of ensuring that current and future customer expectation can be met and exceeded.

If you have any queries concerning ISO 9001:2008 please visit http://www.iso-consults.com/

Migration To ISO 9001:2008
The International Accreditation Forum (IAF) and the International Organization for
Standardization (ISO) have agreed on an implementation plan to ensure a smooth transition of
accredited certification to ISO 9001:2008, the latest version of the world’s most widely used
standard for quality management systems (QMS). The details of the plan are given in the joint
communiqué by the two organizations which appears below.
Like all of ISO’s more than 17 000 standards, ISO 9001 is periodically reviewed to ensure that it
is maintained at the state of the art and a decision taken to confirm, withdraw or revise the
document.
ISO 9001:2008, which is due to be published before the end of the year, will replace the year
2000 version of the standard which is implemented by both business and public sector
organizations in 170 countries. Although certification is not a requirement of the standard, the
QMS of about one million organizations have been audited and certified by independent
certification bodies (also known in some countries as registration bodies) to ISO 9001:2000.
ISO 9001 certification is frequently used in both private and public sectors to increase
confidence in the products and services provided by certified organizations, between partners
in business-to-business relations, in the selection of suppliers in supply chains and in the right
to tender for procurement contracts.
ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing and
certification. These services are performed independently of ISO by certification bodies. ISO
does not control such bodies, but does develop voluntary International Standards to
encourage good practice in their activities on a worldwide basis. For example, ISO/IEC
17021:2006 specifies the requirements for bodies providing auditing and certification of
management systems.
Certification bodies that wish to provide further confidence in their services may apply to be
“accredited” as competent by an IAF recognized national accreditation body. ISO/IEC
17011:2004 specifies the requirements for carrying out such accreditation. IAF is an
international association whose membership includes the national accreditation bodies of 49
economies.
ISO technical committee ISO/TC 176, Quality management and quality assurance, which is
responsible for the ISO 9000 family of standards, is preparing a number of support documents
explaining what the differences are between ISO 9001:2008 and the year 2000 version, why
and what they mean for users. Once approved, these documents will be posted on the ISO
Web site – probably in October 2008.

ISO (International Organization for Standardization) and the IAF (International Accreditation
Forum) have agreed an implementation plan to ensure a smooth migration of accredited
certification to ISO 9001:2008, after consultation with international groupings representing
quality system or auditor certification bodies, and industry users of ISO 9001 certification
services.
ISO 9001:2008 does not contain any new requirements
They have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008
only introduces clarifications to the existing requirements of ISO 9001:2000 based on eight
years of experience of implementing the standard world wide with about one million
certificates issued in 170 countries to date. It also introduces changes intended to improve
consistency with ISO14001:2004
The agreed implementation plan in relation to accredited certification is therefore the
following:
Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO
9001:2008 as an International Standard.
Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued
after official publication of ISO 9001:2008 (which should take place before the end of 2008)
and after a routine surveillance or recertification audit against ISO 9001:2008.
Validity of certifications to ISO 9001:2000
One year after publication of ISO 9001:2008 all accredited certifications issued (new
certifications or recertifications) shall be to ISO 9001:2008.
Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued
to ISO 9001:2000 shall not be valid.