In manufacturing we know what a defect is.  Good products are made to specifications and therefore meet customer requirements.  A good product meets the intended purpose, has the right dimensions, and is what was ordered.  The product does not break when used.  It is free from dents, scratches, or material blemishes.  The product should be clean, safe, and doesn’t make the customer think.  It should just work…

We see product defects.  They are pretty obvious.  So why can’t we see service defects?

Manufacturers also have service requirements.  The product must be delivered on time.  If it does fail in the field, then timely support should be available to fix the problem.  Many products are sold on credit (a service).  Some even install, train and maintain the product, an obvious service requirement.

But what about customer service?

That’s right, it is a service too.  The customer expects a manufacturer to take the order correctly, to understand the customers business enough to know what the product is being ordered to do in the field.  Customers also expect to interact with friendly and polite personnel that understand that the client’s time is valuable.

Yet, many manufacturing organizations only seem to think in terms of product or material defects even though there are apparent service requirements in every business.  Nonconformances are not only about product failures.  In today’s world, many companies are assembling and integrating components (a service) more that manufacturing them from scratch.  We are realizing that we are actually more of a service economy than a manufacturing economy.  So we need to start understanding our service failures to start tracking our service nonconformances.

Services contain many implied requirements based on your industry, which defines your customer’s expectations.  Failing to deliver upon the clients expectations might produce customer complaints and would constitute a Service Nonconformance.  Perhaps you receive feedback from your customers when an expectation is not met.  Customer feedback for corrective action is more than complaints.  So what are the top ten customer expectations that lead to a service nonconformance?

Top Ten Customer Expectations That Drive Service Nonconformances

1. Friendly, polite interactions with an understanding that the client’s time is valuable.
2. Work hours convenient to the customer.
3. Timely delivery, interactions and repairs to prevent delays which affect the customer’s schedule.
4. Competent staff that don’t make errors, omissions or just plain poor assumptions.
5. No Rework, resubmission, repeating, or repairs.
6. No Unauthorized changes to projects, schedules, plans, prices, specifications, materials, etc.
7. Compliance with established policies, procedures, specifications or Quality Assurance Plans.
8. No hidden costs, cost overruns (which result from all other failures), or cost surprises.
9. Knowledge of the market, who the customer is, what they want, and how much they will pay.
10. You say what you do and you do what you say.

What is a Service Nonconformance?

In general, any problem related to interactions, delivery, quality, schedule, or budget.  Failing to meet customer expectations is a service nonconformance.  Does the customer really have to tell you that they want you to answer the phone, deliver a product that works, and fits within the budget of the target customer?  This is basic service and any manufacturing company should be practicing basic service more and more to survive in today’s service based economy.

Have you gained quality improvement expertise over the years working with many manufacturing, information technology, and service organizations?   Bizmanualz understands your ongoing challenges of building a Quality Management System, implementing Lean Thinking, or the day-to-day struggles to maintain your ISO registration.   ISO 9001 assistance is close at hand.  Bizmanualz can provide quality management support either with onsite or remote assistance.

Policies, procedures, and forms documentation.  Now you can develop a simple ISO system in as little as 12 pages that requires less overhead using Lean ISO 9001:2008 conforming policies, procedures, and forms documents.  Each document is easily editable in MS-Word to customize to your situation.

Procedure management software. Once your documents are drafted you can simplify your document version control and management tasks using online software that ensures document reviews and approvals are completed prior to release.  Deliver relevant documents to every point-of-use or to your auditors via the internet.  Improved document access control, search and retrieval ensure your users have what they need.  Using an online procedure management software means no more back-up, retention, and document control findings too.

1^st and 2^nd Party audit support.  You don’t need to have a full-time internal or supplier audit staff.  Just contract experienced auditors to oversee the internal audit process, schedules, and audit plans, as needed.  You will receive timely audit reports for your supplier audits, pre-assessment audits, internal audits or full system audits.

Quality Management Support. Obtain fast answers to your quality management system questions from experienced, certified quality managers that can lead management reviews with complete records of results, follow-up on management review action items, and oversee nonconformance, corrective and preventive action processes.  Technical advise on quality policy, quality objectives, and overall QMS performance is readily available.

Continuous Improvement Support. Trained and experienced Lean / Six Sigma facilitators are available to organize, lead and document Lean / Six Sigma improvement events (like 5S, Preventive Maintenance, Set-up reduction, line balancing, etc).  Contract for a only the ISO quality, lean, and six sigma training you need.  Having problems with SPC, calibration, FMEA, control plans, customer feedback processes?  Training programs, advise, and guidance can be yours.

Using Bizmanualz provides competent and cost effective resources that reduce common audit findings and management stress related to the quality management system.  Now you can quickly resolve common audit findings related to:

• Qualified personnel and training
• Working document and record control
• Timely internal audits and management reviews
• Viable Nonconformance, Corrective and Preventive Action system

Bizmanualz maintains competent, qualified (ASQ Certified) personnel available as Lean / Six Sigma facilitators, part-time quality managers, and part-time lead auditors.  Now you have a cost effective solution using less than a full time quality staff that are available as need demands and you pay only for what you use.

Bizmanualz quality system services offer less stress for management using a working QMS to retain your ISO Certification.  Your management just reviews and approves actions on a scheduled basis.  Now that’s easy.

The Five Areas Bizmanualz can Help with Your Quality Management System

1. Policies, Procedures, and Forms Documentation Examples
2. Document Version Control and Management Software
3. 1^st and 2^nd Party Audit Support
4. Quality System Management Support
5. Continuous Improvement Support

Call us to find out how Bizmanualz can help you with your Quality Management System today.

Figure 1. PDCA Wheel

PDCA was developed by Dr. Walter Shewhart, one of the top ten quality gurus.  Dr. W. Edwards Deming preferred to call it PDSA or Plan, Do, Study, Act because he felt that “check” emphasized inspection over analysis.  Most people spend most of their time on the first two, Plan and Do, and tend to neglect the Check and Act parts.  An ISO 9001 QMS is a balanced system and to keep your ISO system working effectively you need to value each PDCA element equally and not favor one (i.e. Plan, Do) over the other (Check, Act).

We have written a lot about PDCA in the past.  Now let’s take a look at PDCA as it relates to ISO 9001 by breaking down the ISO 9001 standard into its main elements and then assigning them to each part of the PDCA process.  What you see is that each clause of the ISO 9001 standard contains a planning step, clause 7 is focused on doing, and clause 8 is focused on checking and acting.  What clause do you think people have the most trouble with?

Clause 8 is the most troublesome because it is focused on checking and acting.  People get more satisfaction in planning and doing then they do in checking and acting.  It is just human nature.  So, to master ISO 9001 you have to break the habit and budget more time for the checking and acting steps of clause 8.  Now let’s take a look at each PDCA element and see how ISO 9001 aligns with PDCA.

PLAN

Your business should have an annual planning cycle that produces business plans that contain your: vision/mission/quality policy, operational objectives, budgets, preventive maintenance/actions, document standards, milestones, and new product/market/process introductions.  These are all planning elements.  ISO 9001 calls out these planning elements in seven areas.  Maintain QMS (4.1)

• Document QMS (4.2)
• Management Responsibilities (5)
• Manage Resources (6)
• Plan Product Realization (7.1)
• Control Monitor & Measurement Equipment (7.6)
• Preventive Action (8.5.3)

Most of these obviously belong here but what about Preventive Action (8.5.3)?  It comes from clause 8 (a check act clause) and sounds like an action step.  I put it here because preventive action is a plan to eliminate a defect that has not occurred.  Since we do not know if it will ever occur (with or without the preventive action being taken) then it sounds like a well intentioned plan.  If the defect occurs then the plan failed.  If it does not occur, then is this because we took action to prevent it?  If we cannot say this with certainty, then I would call it a plan.

DO

Your do steps are more frequent, possible occurring on a monthly cycle that produces data records for measurement and analysis as a result of executing the annual plans. A lot of your doing is focused on clause 7, Product Realization. Most of your ISO records are produced in clause 7.

• Competence & Training (6.2.2)
• Design, Develop, Realize (7)
• Purchasing (7.4)
• Product & Service Provisions (7.5)

CHECK

Once you have data from your doing steps you need to analyze or study the data (remember Deming’s PDSA reminding us to Plan, Do, Study, Act).  We do not want to check to see if a step was done or check to see if data was produced.  This is nothing but inspection.  We need to analyze and understand what the data is telling us.  We do this by converting the data into information.

The ISO 9001 standard clearly defines various check processes, which are cycles of measurement and analysis to determine how well the organization is executing the annual plans.

• Management Reviews (5.6)
• Monitor & Measuring (8.2)
• Customer Satisfaction (8.2.1)
• Internal Auditing (8.2.2)
• Data Analysis (8.4)

These are not one-time events.  These check processes continuously occur, which brings to mind trend lines on charts as a way to convert data into information.

A monthly or quarterly check event is very realistic, although many companies choose an annual audit, management review or customer satisfaction survey as a sufficient check on the ISO 9001 QMS.  I guess if you have an incredibly stable business model with little to no competition and a static environment, industry or market then maybe you can get away with an annual check.  Are there any businesses like that anymore?

ACT

Actions taken — without undue delay– to close the gap, identified during measurement and analysis, between the annual plans and the data records produced during execution.   Of course there is an element of act in the management reviews because after you review the required inputs you are supposed to assign action items to individuals to take the necessary corrective actions (and maybe preventive actions).

ISO 9001 has a few clear action steps like isolating nonconforming product, taking corrective action, and maybe preventive action too.

• Nonconforming Product (8.3)
• Corrective Action (8.5.2)
• Preventive Action (8.5.3)?  ( I know some of you want this here)

ISO 9001 is not a single PDCA cycle.  It is actually a series of imbedded PDCA cycles.  Clause 7 is not just about doing.  Product realization is itself a PDCA cycle that starts with planning requirements and realization needs.  Next comes development (doing), development reviews (checking), and finally development revisions (actions).  This same PDCA cycle is occurring within training, documentation, purchasing, auditing, corrective action, etc.  The whole concept of continuous improvement relies on PDCA.

Check out Bizmanualz Internal Auditor Training programs for more information on building Lean ISO Quality systems, creating well-defined processes, or getting more value out of your quality management system.

Some of you aren’t buying the “fear, uncertainty, and doubt“ story, though. You’re going about your business logically, methodically, and with a clear sense of direction and purpose. You’re making things happen now and you’ll be in the lead when 2011 rolls around.

For the rest of us, there are many things we could be doing to make great strides forward in the coming year. Among them are implementing or refining the following key procedures:

10. Vendor Evaluation – We’ve all outsourced many of our “non-core” functions, but how many of us are guilty of inattentive behavior with respect to our outsourcers? You get a little complacent and what happens? Deadlines start to slip, or substandard product starts to sneak in. Now is a good time to evaluate your product and service vendors to see if they’re measuring up to your standards.

9. Document Control – Do you know if your employees are following the same guidelines? If you had to ask an employee to take over another’s duties for the day because of an illness, would that first employee know where to go for information? Do they have access to the latest version of the procedure? It’s important that you keep your documentation, however critical it is, under control.  One easy way to do this is using policy management or document compliance management software.

8. Process Monitoring and Measurement – Companies that don’t monitor and measure their performance have no way of knowing for certain if they’re doing better than they were six months or a year ago, or in which direction they’re headed. We can’t improve what we don’t measure.

7. Control of Nonconforming Product – One of the worst things that can happen to your company…worse than finding an error on the production line, worse than finding a nonconformity during inspection…is having a customer find a nonconformity for you. Nothing hurts your company’s reputation worse than a customer finding a poor quality product, getting a late delivery, or finding a billing error in your favor.

6. Identification and Traceability – This is one of the biggest issues in food safety. As important as identifying unsafe product and removing it from the food supply chain is tracing the offending product to its source. ISO 22000 already had a clause addressing traceability when ISO developed a new standard, ISO 22005, to address the issue further. Whether you’re in the food business or another line of work, your customers will benefit from improved traceability of your components.

5. Competence, Awareness, and Training – Very few things improve your company’s performance — and reputation — more than a well-trained, capable work force. Ongoing training not only helps your employees gain self-confidence; it lets them know how important they are to your success.

4. Customer Satisfaction – Some refer to it as “customer loyalty”; others call it “the customer experience”. Whatever label you give it, your company wants to do more than retain customers. You want your customers telling all their contacts how great you are, how if every supplier was as customer-conscious as you, their business would be exceptional.

3. Control of Records – “Those who ignore the past are condemned to repeat it.” (Santayana) Your quality records, your accounting records, your sales records — these are the foundation for your company’s success, now and in the future. Barring the invention of a foolproof “crystal ball” app for your smartphone, knowing where you are in relation to where you’ve been and acting on that knowledge to improve your processes are key to your growth. Without adequate recordkeeping, you are flying blind into the future.

2. Internal Auditing – The best way to ensure the effectiveness of your operations and the viability of your organizations is to have your systems — accounting/finance, operations, IT, quality, etc. — audited. You should have a third party, someone with knowledge, experience, and impartiality, periodically audit your systems. In between, you should self-audit your systems to ensure that they’re in compliance, are effectively implemented and maintained, and that they’re achieving the desired results.

And the most important procedure you can implement to improve your quality and performance in 2011?

1. Corrective and Preventive Action – It’s a two-way tie for number one. Corrective and preventive actions are intertwined, though they’re not interchangeable.

A corrective action is the one you take to ensure that a problem does not happen again. A preventive action is what you do to prevent, or lessen the likelihood of, the problem from happening in the first place. Think of a heart attack: surgery to repair the damaged heart, combined with other measures (improved diet, exercise, etc.), is a corrective action. Regular exercise, a healthy diet, and (when you reach a certain age) regular visits to a cardiologist before you have a heart attack are a preventive action.

And, don’t forget what binds these procedures together — a mission, vision, and strategic plan for your firm. More on that later. For now, what do you think? Are there any procedures you’d add to, or take out of, this list? Would you put them in a different order?

Last week, we identified three elements that drive up your cost of compliance: cost of improvement, cost of review, and cost of scale.  Your cost of improvement can be managed by the improvement projects you choose.  Your cost of review is a relatively fixed, ongoing yearly expense, based on your cost of scale.  Your cost of scale defines how expensive your entire compliance program will be, now and in the future.  Ergo, the more procedures you write, the more expensive compliance becomes.

How Do You Keep Your Compliance Costs Under Control?

Writing procedures for internal control can produce diminishing returns.  Every procedure written carries with it a lot of overhead.  Overhead in this case consists of more than the original documentation effort — the design and development.  It includes implementation and review — document control, training, usage, auditing, management review, and regular updates.

Writing more procedures costs more money; it also reduces risk, but only up to a point.  The point of diminishing returns is where the time and effort you spend on a task stops yielding rewards.  You reach a break-even point, and when you reach that point varies according to your situation.  The common perception is that as you write more procedures, you reduce risks (compliance risk, for instance) further. This would be true if you followed all implementation steps; the reality is that most companies do not follow all implementation steps.

Any implementation step you leave out increases your risk; you lose all the intended benefits of your procedures.  You might think you’re saving money by foregoing certain steps in the implementation process.  Think again.  The opportunity for quality defects, customer complaints, and material weaknesses rises when you take shortcuts.  The likely result is a corrective action loop due to user complaints that your policies and procedures don’t work.

Starting with a clear, compact scope is key to controlling your compliance costs.  The size or scale of your operation — the number of operating locations, number of employees, and the number, complexity, and interconnections of processes — means more risk management, internal controls, and processes to be understood, documented, and controlled.   Learn to pick your battles — focus on the most important processes first!

Map out your core processes with a “big systems perspective” process map.  ISO 9001 certification requires six procedures — document control, record control, internal auditing, control of nonconformities, corrective action, and preventive action — so if ISO 9001 certification is what you’re after, start with those processes.    Sarbanes-Oxley compliance is risk-based, so identify the greatest risks to your company, prioritize them, and write procedures that address those risks first.  This will give you the greatest return on your procedure investment.

Quality defects are to ISO 9001 as financial risks are to regulations like the 8th EU Directive and Sarbanes-Oxley.  You can reduce the scope of your compliance program by addressing the areas with the most defects or the greatest risks first.  As legislative bodies and enforcement agencies have often said, you shouldn’t try to address everything all at once.  Start by reviewing the materiality of the defects or risks to your company.  Decide on a threshold, or cutoff, for materiality.  Don’t worry if you miss the mark on your early attempts: Improvement is an ongoing process, not an event.

Be agile and think about the speed of your procedures implementation.  Most process procedures projects stall because they’re overtaken by current events.  Immediate business needs take precedence, of course, but you risk losing focus and that sense of purpose with your procedures project when you shelve it, so you’re less likely to achieve compliance or those other benefits you were looking for when you took on the project in the first place.

Only write procedures you know you can implement fully.  A written procedure nobody uses is worse than none at all, because of the wasted effort.

Starting with a manageable scope will help you realize your goals and keep your compliance costs down. Work through your procedures incrementally; next year, lower your risk threshold and address more risks, then a few more the year after, and so on, until you’re comfortable.

Management decides on the internal controls needed to cover the identified defects and risks.  If they decide wrong and pick a threshold that’s too high, you’ve identified a material weakness in your quality or risk control framework.  That can be a very good thing, as long as you work on improving your internal controls.  Do so, and you have a working management system that ensures compliance.  Isn’t that what you wanted in the first place?

Using prewritten procedures saves time researching, writing, and implementing accounting policies, procedures, and internal control.  Download free samples now and get started on your procedure development project today!

St. Louis, MO – June 18, 2009 – Bizmanualz, Inc., a business publications, training, and consulting company based in St. Louis, MO, today announced the release of the updated ISO 9001 Policies and Procedures Manual. The company has greatly improved its product by modeling its policies and procedures on the Deming (“Plan-Do-Check-Act”) Cycle.

“The updated manual reflects our lean philosophy in multiple ways,” said Christopher Anderson, Managing Director of Bizmanualz. “For example, rather than borrow the text of the standard verbatim in the quality manual, we stripped it to the bare essentials. Putting in a lot of verbiage not required by the standard can make your Quality Manual less user-friendly, less useful, and less likely to be improved.”

The updated ISO 9001 Policies, Procedures & Forms Manual conforms to the ISO 9001:2008 standard, which was updated for the first time in eight years and released in November, 2008. ISO 9001 requirements for procedures and records are clearly identified throughout the updated manual. Recently ISO 9001 certified by using lean principles, the company has used a similar approach in the update process.

“We carried procedures over (from the old to the new ISO 9001 QMS manual) that most organizations consider critical,” said Steve Flick, Bizmanualz Product Director. “Similarly, we removed procedures that customers didn’t consider a high priority, or had little-to-nothing to do with 9001 requirements, or didn’t amount to more than simple work instructions.”

Twenty-three QMS procedures are included in the updated ISO 9001 manual. A forms list at the end of each procedure points out if the filled out form is a “required record” and which ISO 9001 clause requires that record. Bizmanualz redesigned its ISO 9001 QMS manual to help companies easily establish an effective quality management system, as well as to simplify the certification journey for organizations wishing to comply with ISO 9001:2008.

Bizmanualz also offers manuals for Accounting, Finance, Computers & Networks, Sales & Marketing, Human Resources, ISO 22000, Disaster Recovery, and Security. All of Bizmanualz® Policies & Procedures manuals are available via instant download or in hard copy form, with easily editable MS-Word documents included on CD.

Each manual provides prewritten policies, procedures, and forms that enable executives to create and maintain internal controls and implement best practices for all departments in their business.

Bizmanualz® ISO 9001 QMS Policies, Procedures, and Forms: How to Quickly Create an ISO 9001 Quality Management System with easily editable Policies, Procedures, and Forms. (400 pp/trade binder/$495.00) is a Knowledge Management title from Bizmanualz, Inc. It is available through the company’s website, www.bizmanualz.com, or by calling the publisher at 800-466-9953 (outside the USA, call 314-863-5079), faxing your request to 314-863-6571, or by e-mailing sales@bizmanualz.com.

Management Commitment is Vital to ISO 9001 Success

Now we are starting phase three: implementing the requirements of Clause 5 – Management Responsibility and Clause 6 – Resource Management. While there are a number of required documents we created to meet requirements from Clauses 4 and 8, Clauses 5 and 6 are long on stated requirements (“Top Management shall … ,” “The organization shall … “), but they have few required documents and records.

In Clause 5, the responsibilities of meeting the requirements of the ISO 9001 QMS are put squarely on the shoulders of top management. Those who are familiar with how organizations tend to function know that the success or failure of any organizational endeavor depends on the commitment of top management. If top management does not see it as important or a priority, then it becomes starved for resources and eventually dies. Whatever top management focuses on, however, becomes a priority for the whole organization. This is certainly true for implementing, maintaining, and improving the ISO QMS.

There are specific requirements relating to Management Review in Clause 5, including a management review meeting record. Otherwise, there are no specific requirements to create particular records showing management’s commitment and responsibility. The requirement is a general one of providing evidence of commitment.

ISO 9001 Is Generic Application Depends on the Organization

It is this type of general requirement that many organizations struggle with. In contrast with specific requirements that are straightforward (for example, an Internal Audit procedure that includes responsibilities and requirements for planning and conducting internal audits, establishing records and reporting results), these more general “shall statements” require organizations to come up with their own method of compliance.

One way to deal with these less specific requirements is to convert “shall statements” into questions. For example, top management has to answer the question, “How do we ensure appropriate communication processes are established and that communication takes place regarding the effectiveness of the QMS?” The formal language in the standard seems intimidating and adds to the difficulty. Appropriate communication processes? But most organizations have communication processes; it is just a matter of recognizing them and being aware that those activities meet a requirement of the ISO 9001 standard. For example, perhaps you have monthly department head meetings, and departments have weekly staff meetings. Perhaps you have an on-line or printed quality newsletter. These are all communication processes.

Focus on ISO Compliance Not Unnecessary ISO Documentation

So in a sense, phase three is about reviewing and considering requirements in Clause 5 and Clause 6, and then recognizing how your organization meets them. You don’t have to have procedures or even records in order to comply, unless you feel they are important for the needs of your organization. Obviously, as you work through this, when you recognize a weakness or an area of non-compliance it is time to implement new or altered methods. But as in our communication example, frequently organizations are doing things that comply with the requirements. It is just a matter of being cognizant of them, plus knowing what evidence exists that verifies your compliance.

Clause 6, Resource Management, requires a similar approach. Phrase the “shall statements” as questions and then give reflective responses. For Clause 5 and 6 you may want to capture these responses in notes for your own purposes or for training, but there is no requirement to do so. In terms of compliance, just be sure you can answer the question appropriately when the internal or external auditor asks, and that others give answers that are consistent with your compliance methods. Be aware, however, that after you give an auditor the answer, he or she will then seek objective evidence that you do, indeed, do things that way (such as meeting agendas, minutes, or collaboration from the earlier communication example).

Training Records Are Required in ISO 9001

Let’s emphasize, however, the training record requirement for Clause 6 of the ISO 9001 QMS Requirements. Many auditors agree that this is a common area of weakness among ISO 9001 certified organizations. So one focus for phase three of ISO 9001 QMS implementation should be creating a training record system where education, training, skills, and experience are captured. In larger organizations this probably has to be handled at the department level, but there should still be consistency throughout the organization. This will require a systematic approach that is communicated through training, examples, etc., to department leaders.

So there is no simple advice or direct methods for complying with the requirements found in Clause 5 and Clause 6. Phase three is as much about understanding and awareness as it is about creating new processes and documentation. Each and every organization has to decide how they currently fulfill them or how they will fulfill them. It is this flexibility, however, that makes ISO 9001 flexible enough to be applied to any type of organization.

Our next and final piece in the series will cover phase 4, implementing ISO 9001 Clause 7 – Product Realization, also known as design, development and fulfillment. Here the ISO 9001 Requirements are heavy on records that many organizations have difficulty with in terms of compliance. We will discuss ways to simplify and streamline Clause 7 compliance.

• Become familiar with the ISO 9001 QMS Requirements
• Identify key QMS processes and their interaction
• Create drafts of the Quality Manual, Quality Policy, and Policy Objectives
• Write a draft of Document and Record Control Procedures

After completing these tasks (delineated in Clause 4 of the ISO 9001 Standard), the next crucial step in implementing an ISO 9001 QMS is to create the continual improvement processes as described in Clause 8 of the standard. In terms of Clause 8 continual improvement primarily consists of Customer Satisfaction, Internal Auditing, and Corrective Action, and Preventive Action.

Sketch Out the Continual Improvement ISO Processes

After putting the basic components of the general QMS requirements in place during phase 1, in phase 2 the focus is on continual improvement because it is the continual improvement processes of the ISO QMS that provides value and benefit to your organization. So, in order to gain these benefits as soon as possible, start putting these processes in place and practicing them.

Much as was described for the critical QMS processes in phase one, sketch out your continual improvement processes. Ask questions such as: How will using Corrective Actions and Preventive Actions (CAPA) most benefit the organization? Who are the process owners? What are inputs and outputs? Are certain departments integral to CAPA or should everyone get into the act? Of course, when resolving such questions, it is a good idea to involve the ISO Strategy Team. They can provide perspectives from various departments or segments of the organization.

Drafting the ISO 9001 Procedures

Once you have a continual improvement process sketched out, write a draft procedure. Remember, it is better to document a process in the way you are capable of doing it, not how you think it should be done in a perfect world. After you have a draft procedure, train the involved staff and start executing the process. You don’t have to wait until the procedure is finalized or the ISO QMS is fully implemented to start executing Corrective Actions, for example. This is a great opportunity to learn and implement practices that are effective while ditching things that don’t work and while you can easily update your draft documentation.

One important note: I mentioned writing procedures. Corrective Action, Preventive Action, Non-Conforming Material, and Internal Audit are required procedures for an ISO 9001 QMS. You don’t have to write a procedure to describe every process. In fact, the most common mistake organizations make when implementing an ISO 9001 QMS is over-documenting: writing too many procedures that end up not followed, not used, not updated, and not correct. So it is important to note that I list writing procedures as an important step for these continual improvement processes because the ISO Standard requires them. (Note the emphasis on continual improvement in the ISO 9001 requirements it involves four of the six required procedures. There are also key required records associated with these processes.)

Focusing on the Continual Improvement Processes

Corrective Action is the process you use to fix the root causes of problems. They could be internal process problems (office or production), product problems, or even problems with the QMS. There are some basic steps that have to be included: fix any current problems, investigate root causes and solutions, make necessary corrections/improvements, and then verify they are effective and the problem doesn’t reoccur.

Preventive Action is the process of making improvements before a problem occurs. Frequently organizations struggle with Preventive Actions; perhaps because they envision preventive action as being something big or major. That doesn’t have to be the case. Small improvements prevent problems as well. So the real goal for the preventive action process is to create a system that documents all improvements – big and small.

Nonconforming Product is where you log defects found either in receiving inspection, manufacturing, or customer returns. Each defect needs to be logged, isolated from good product, and a disposition determined, which could lead to a corrective action.

Internal Audits are used like instruments to measure the effectiveness of the ISO 9001 QMS. Of course, your internal audit team will need training and to understand the ISO 9001 QMS Requirements, so an Internal Auditor Class may be helpful.

With an internal audit procedure and audit training you can start auditing the ISO 9001 QMS even though the system isn’t fully implemented. But it provides ISO 9001 auditing practice and generates required audit records. The audit findings are also entered into the corrective action process so we can practice doing corrective actions.

Since the ISO 9001 QMS is still being implemented, some records and documents may not be available for audits. Auditors can start, however, by auditing processes put in place implementing Clauses 4.1 and 4.2 in phase one. We can use the internal audit program to continually improve our growing ISO 9001 QMS.

Additional ISO System Components of Continual Improvement

Other pieces of continual improvement include customer satisfaction and analysis of data. While there are no required procedures or records associated with them, you still need to have defined processes for capturing data about customer satisfaction, and for regularly collecting and analyzing data from the critical processes identified in the Quality Manual. After all, improvement is the whole point of implementing the ISO 9001 QMS, and one key to improvement is to set objectives for your processes and then regularly compare actual results to the objectives, and then taking action to correct deficiencies.

Now you have completed phase two of implementation by putting in place your continual improvement processes. Next week we will cover phase three: implementing Clause 5-Management Responsibility and Clause 6- Resource Management.

At Bizmanualz, we have helped a number of small and medium sized businesses move from having no real QMS to becoming ISO 9001 certified.   It is a process that usually takes about six months, but it can be done in three to four months for very small companies.  A project typically includes establishing all the required elements of the ISO Quality Management System and assisting them in getting it off ground functionally.

One way to establish priorities and milestones is to use the organization of the ISO 9001:2008 QMS Requirements itself as a pro-forma project plan.  The project we describe in this series is heavily influenced by the layout of the requirements.

The ultimate goal, however, of an ISO QMS is continual improvement.  So, to gain the benefits of improvement, an organization has to be committed to maintaining and modifying the system over time to best suit its needs.  Creating the ISO QMS is just the beginning.

Create an ISO Implementation Plan

Since the best approach is to treat your ISO implementation as a project, you should start with a project plan that estimates the resources needed (people, materials, expertise) and the project timeline from beginning until the certification audit.   If you have experience and knowledge of the ISO 9001 requirements, you might begin with a gap assessment, which provides input into the project plan.  A gap assessment is just as the name describes – comparing current systems and documentation to what is needed for a system that is ISO 9001 compliant.  If you don’t feel comfortable with the ISO 9001:2008 Standard, then perhaps the first step is ISO training for you and members of the project team or ISO Steering Committee.

The ISO Steering Committee includes key members from the quality department along with representatives from other departments like Sales & Marketing, Design & Development, Human Resources, Production, and Accounting.  The Steering Committee members provide valuable input to the ISO QMS development project about systems and processes, they divide up tasks and actions items, and assist in distributing important information throughout the organization.  But remember, involving a committee can also take more time as you wait for meetings in order to make decisions and follow-up on actions.  So be sure to build such delays into your project plan.

Start with Clause Four in the ISO 9001 Standard

The QMS really starts where the ISO 9001 General Requirements begin – in Clause 4, and that is where the efforts of phase one are focused.  It is well established that ISO 9001 is a process-based standard, and the General Requirements listed in 4.1 establish this clearly:

1. Determine the processes of the QMS
2. The sequence and interaction of the processes
3. The criteria and methods to ensure process are effective
4. Ensure availability of resources and information to operate and monitor the processes
5. Monitor and measure and analyze the processes
6. Continually improve the processes

The first two items are the focus while setting up your ISO QMS.  The remaining four become central as you maintain the ISO QMS and use it to improve the organization.

Define Your ISO Processes

Therefore, step one in creating the ISO QMS is to understand and define the processes of the QMS.  Understanding your processes is key to a functional QMS.  There is a scope question each organization has to answer (which will also eventually be included in the Quality Manual).  Exactly what processes will be part of the ISO QMS?    The ISO QMS could encompass the entire organization, a particular facility, or perhaps just a single product line.

Figure 1: Typical Organization Processes

One way to get started defining processes is to consider the over-arching, top level processes that convert supplies and resources (i.e. materials, knowledge, and capital equipment) into customer deliverables.  Figure 1 shows the top level processes of a typical organization.  If necessary, once top level processes are defined, you can identify key sub-processes that make up the top level process.  Notice that Figure 1 also displays the interaction of the top level processes.

Be sure to identify the process owners who have ultimate responsibility.

Creating the First Level of ISO 9001 Documents such as the Quality Manual

Once the QMS processes are defined, you are ready to start the next step in phase 1: creating the first level of documentation.  The first document tier in the QMS consists of the Quality Manual, the Quality Policy, and the Quality Objectives.

By having already clearly defined the QMS processes, creating a draft of the Quality Manual becomes easier because you have already determined much of the key content.  Remember, the description and interaction of the processes in the Quality Manual does not have to be large amounts of text.  Diagrams, process maps, and flow charts all describe processes just as well, if not better, than verbal descriptions.  Also, be sure to list all exclusions your organization has to the ISO QMS.

Completing Phase One with Quality Policy, Quality Objectives, and Document Control

At this point you have completed two crucial steps on your way to ISO compliance – defined processes and a draft of the Quality Manual. The next step is write drafts of the quality policy and quality objectives.  Remember, the quality objectives should be measurable and align/fulfill the quality policy.

The last step for phase one of your ISO QMS project is to create the document/record control system that will be used for the QMS documents.  How are they reviewed and released, updated, stored, and retrieved?  These questions should be addressed in ways that meet the requirements for document and record control established in Clauses 4.2.3 and 4.2.4.  This also includes writing the drafts of the required Document Control and Record Control procedures that will define your system of documents and records.

Now, at the end of phase one, you have fulfilled most of the requirements established in Clause 4 of the ISO 9001 Requirements, and you have also created the framework for meeting the additional requirements in other clauses of the ISO 9001 Standard.  While you may only have drafts of the quality manual and document and record control procedures, having a good draft in place represents a majority of the effort.  Hopefully you will only need to make minor additions and revisions to them as you continue on your ISO QMS project path.

In the next article, we will discuss phase 2 of your ISO QMS implementation project – putting in place the continual improvement processes described in Clause 8.

Improve Effective Planning

Problems most often arise from poor planning. Sometimes we’re uncertain if we’re tackling the correct issues and dealing with them the right way. However, we can improve our assumptions about processes and performance with more effective auditing.

Keep Objective Records

The internal audit process is not intended to be a ‘gotcha’ game. Rather, auditing helps management understand and validate the planning element. By keeping an objective record of the process, we can learn to swim first and avoid that sinking feeling later.

Improve with Internal Auditor Training

Les Cornelius, Quality Assurance Coordinator at Lee BioSolutions, Inc., took a two-day Internal Auditor Skills Class for the knowledge of getting improved results.

“I have to stay updated on new and improved ways to design, assess and improve processes,” said Cornelius. “The checklists, planning an audit, designing an audit program and conducting an audit – all are very helpful in preparation for the ISO certification audit.”

Make Better Decisions

By gathering objective evidence through observation, interviews and samplings of records, management can make better decisions. This will help:

• Test organizational objectives and processes
• Write factual audit reports that help improve the effectiveness of the management system
• Suggest ways to verify the effectiveness of any corrective action to achieve the objectives

Check for Quality

Auditing is the third phase of the Plan, Do, Check, Act process approach – check. It is also one of the 8 quality principles of ISO, which allows managers to make better decisions based not on subjective opinion but objective fact.

The audit process is a valuable step for improvement. Auditor training will teach managers and executives how to improve the effectiveness of their management system, which is essential for ISO 9001 certification.

Audit to Help

To fully understand the requirements of ISO 9001 and to facilitate audit teams, business professionals can also take a five-day Lead Auditor course. After all, auditing is designed to help us, not hurt us.