We want to implement a quality management system complying with ISO 9001. We divided the ISO QMS implementation project into four distinct phases. First we built the foundation processes, followed by continual improvement process, and the management processes. At this point we have covered how to comply with most of the ISO 9001 QMS requirements. Now we will cover the final phase; complying with the requirements of Clause 8. The final step before ISO 9001 certification is data management.
By breaking the implementation into stages, the process becomes more manageable and less overwhelming. Now we address the data management process.
|Phase One||Foundation Processes (ISO 9001 Clause 4)|
|Phase Two||Continual Improvement Processes (ISO 9001 Clause 6 and 10)|
|Phase Three||Management Resources (ISO 9001 Clause 5 and 7)|
|Phase Four||Data Management (ISO 9001 Clause 8)|
Clause 8. is the realization of your product or service (recall that we can substitute “service” anywhere the word “product” occurs), which covers the “operations” spectrum from product development (literally from the moment an order is taken or a product is conceived) until the product is shipped to the customer. Besides understanding and complying with the “shall statements” in Clause 8 (as discussed for leadership Clause 5 and 7), a key element to complying with ISO 9001 Clause 8 is getting a handle on the required data documents generated by “doing” the process.
A lion’s share of the ISO 9001 required documented information (14 of 24) come from Clause 8, which include:
Some organizations seem to struggle with all the required operations data documents. For example, we recently worked with a company that took great effort and pride in their meticulous document keeping. The problem was, however, that they did not understand how the documents they kept met the document requirements of the ISO 9001 QMS.
As you create a QMS to comply with Clause 8, there are two things to always keep in mind:
1) What do I need to do to comply with the requirements?
2) How can keeping these document help my organization?
In order to comply with ISO 9001:2015, particularly in terms of a documented information, an organization has to reflect on the specific requirements listed, as well as how this document fits in with the unique ways the organization fulfills operations. Ensuring you comply with the spirit and letter of the ISO 9001 Standard will require taking some time to understand the requirements, and taking time to reflect on your operations processes.
As we know, frequently the ISO 9001 QMS standard is not very detailed or specific when it comes to data record keeping. So each organization can define exactly what form these data records will take, and what kind of documented information will be collected.
But there are some specifics associated with each record that one must be aware of in order to comply with ISO 9001 requirements. So, early in the effort to create data records to comply with Clause 8, an organization must have a clear picture of what data records are needed and what specifically must be included in the data record.
While compliance is important, the whole goal of implementing ISO 9001:2015 is to continually improve as an organization. So how you use the records to help the organization improve is of primary importance. The point of keeping records is not because ISO says we need to, or even because auditors want to see them (though it does, and they will…).
In several places the ISO 9001 Certification requirements (i.e. Clause 9.1) requires organizations to monitor, measure, and analyze. Documents play an important role in that they are used to capture data and information about processes that are used for monitoring, measuring, and analyzing.
This is what record keeping is really about – using documents to understand your processes and to find ways to improve. They should contain the information needed to tell us whether or not our processes are effective. Are we capturing the customer requirements properly thereby avoiding rework, scrap, and other waste? Are design reviews generating actions that improve the product and meet requirements? Are design projects on schedule and budget or do they consistently suffer from unnecessary expanding scope or delays? Are process objectives being met?
The Plan, Do, Check, Act, or PDCA is the process approach, which relies on data records. One useful way to get a handle on realization data records is to consider product realization as a set of processes, and then identify where, as part of the process, data records are generated and what record requirement is fulfilled. Ideally, realization processes, like all processes, should have key criteria or objectives established that measure the effectiveness of the process. The goal should be to collect documented information (data) that relates to process effectiveness.
Your ISO data records should tell you a lot about how effective your processes are operating. If they don’t, perhaps you are meeting bare minimum ISO requirements by generating the data record, but you’re not meeting the spirit of the ISO standard by using the QMS for continual improvement. If you find that you are not getting useful information from your documents, then change what you are doing.
With so many required data documents from Clause 8, it also important to look for ways to streamline and simplify document keeping. Do you need 14 different forms? For example, perhaps a general form can be used for all the design and development records. For calibration records, it may be easier to track the calibration of monitoring and measuring equipment electronically in a database or spreadsheet instead of paper.
As always, the best approach is to start simple and build on it as you identify needs and areas for improvement. It is easier to build on a basic, simple system than it is to strip unnecessary elements from an overly complex system.
Now we have covered all the clauses of the ISO 9001 QMS that have requirements. Obviously, we could not cover all the elements of ISO 9001 Certification, but hopefully we have delineated a basic path to compliance in manageable steps, and discussed an approach that can be used to fulfill all requirements.
If you recall, earlier we created drafts of some procedure documents. As you start using the QMS, you should get the documents in finalized forms and release them into documented information control. To verify and improve the QMS you should regularly audit it (including documents, and improvement activity). But the most important thing to do with the ISO 9001 QMS is to use it.
Communicate the QMS to the staff; involve them with reviewing procedures, keeping data documents, and conducting process reviews. Develop an internal auditing staff that understands the requirements and the organizational goals in employing ISO 9001, and create an aggressive audit schedule.
Auditors will need to identify risk concepts, tools, or methods for risk analysis and risk management. Although ISO 31000 or a Failure Modes Effects Analysis (FMEA) are not required, familiarity with risk-based approaches of some type will help.
Auditors will ask you to have identified interested parties (e.g. customers, shareholders, board members, competitors, and regulators), what their relevant interests might be, and the risks as it relates to the organizational context. This should have been done in the first step addressing foundational processes.
Once you feel comfortable that your ISO Quality Management System is operating and functional, you are ready to contact an ISO 9001 Registrar and set up an audit for ISO 9001 Certification. Download Free ISO 9001 2015 Procedures from the ISO 9001 Quality Procedure Manual.