We started with how to start your ISO 9001 certification. At this point we have covered how to comply with most of the ISO 9001 QMS requirements. Now we will cover the final phase; complying with the requirements of Clause 8.
Clause 8, “Operation” (recall that we can substitute “service” anywhere the word “product” occurs) covers the spectrum from product development (literally from the moment an order is taken or a product conceived) until the product is shipped to the customer.
Besides understanding and complying with the “shall statements” in Clause 8 (as discussed for leadership Clause 5 and 7), a key element to complying with ISO 9001 Clause 8 is getting a handle on the required documents. A lion’s share of the ISO 9001 required documents (14 of 24) come from Clause 8. (See Table 1 for a complete list of required records.) Required documents from Clause 8 include:
|8.3.2||Confirm that design and development requirements have been met.|
|8.3.4||Design and development controls|
|8.3.5||Design and development process outputs.|
|8.3.6||Design and development changes.|
Some organizations seem to struggle with all the required operations document. For example, we recently worked with a company that took great effort and pride in their meticulous document keeping. The problem was, however, that they did not understand how the document they kept met the document requirements of the ISO 9001 QMS.
As you create a QMS to comply with Clause 8, there are two things to always keep in mind:
1) What do I need to do to comply with the requirements?
2) How can keeping these document help my organization?
In order to comply with ISO 9001:2015, particularly in terms of a documented information, an organization has to reflect on the specific requirements listed, as well as how this document fits in with the unique ways the organization fulfills operations. Ensuring you comply with the spirit and letter of the ISO 9001 Standard will require taking some time to understand the requirements, and taking time to reflect on your operations processes.
As we know, frequently the ISO 9001 QMS requirements are not very detailed or specific when it comes to record keeping. So each organization can define exactly what form the records will take, and what kind of information will be collected.
But there are some specifics associated with each record that one must be aware of in order to comply with ISO 9001 requirements. So, early in the effort to create records to comply with Clause 8, an organization must have a clear picture of what records are needed and what specifically must be included in the record.
While compliance is important, the whole goal of implementing ISO 9001:2015 is to continually improve as an organization. So how you use the records to help the organization improve is of primary importance. The point of keeping records is not because ISO says we need to, or even because auditors want to see them (though it does, and they will…).
In several places the ISO 9001 Certification requirements (i.e. Clause 9.1) requires organizations to monitor, measure, and analyze. Documents play an important role in that they are used to capture data and information about processes that are used for monitoring, measuring, and analyzing.
This is what record keeping is really about – using documents to understand your processes and to find ways to improve. They should contain the information needed to tell us whether or not our processes are effective. Are we capturing the customer requirements properly thereby avoiding rework, scrap, and other waste? Are design reviews generating actions that improve the product and meet requirements? Are design projects on schedule and budget or do they consistently suffer from unnecessary expanding scope or delays? Are process objectives being met?
One useful way to get a handle on realization records is to consider product realization as a set of processes, and then identify where, as part of the process, a record is generated and what record requirement is fulfilled. Ideally, realization processes, like all processes, should have key objectives established that measure effectiveness. The goal should be to collect information in the records that relates to process effectiveness.
Your ISO records should tell you a lot about how effective your processes are operating. If they don’t, perhaps you are meeting bare minimum ISO requirements by generating the record, but you’re not meeting the spirit of the ISO standard by using the QMS for continual improvement. If you find that you are not getting useful information from your documents, then change what you are doing.
With so many required documents from Clause 8, it also important to look for ways to streamline and simplify document keeping. Do you need 14 different forms? For example, perhaps a general form can be used for all the design and development records. For calibration records, it may be easier to track the calibration of monitoring and measuring equipment electronically in a database or spreadsheet instead of paper.
As always, the best approach is to start simple and build on it as you identify needs and areas for improvement. It is easier to build on a basic, simple system than it is to strip unnecessary elements from an overly complex system.
Now we have covered all the clauses of the ISO 9001 QMS that have requirements. Obviously, we could not cover all the elements of ISO 9001 Certification, but hopefully we have delineated a basic path to compliance in manageable steps, and discussed an approach that can be used to fulfill all requirements.
If you recall, earlier we created drafts of some procedure documents. As you start using the QMS, you should get the documents in finalized forms and release them into documented information control. To verify and improve the QMS you should regularly audit it (including documents, and improvement activity). But the most important thing to do with the ISO 9001 QMS is to use it.
Communicate the QMS to the staff; involve them with reviewing procedures, keeping data documents, and conducting process reviews. Develop an internal auditing staff that understands the requirements and the organizational goals in employing ISO 9001, and create an aggressive audit schedule.
Auditors will need to identify risk concepts, tools, or methods for risk analysis and management. Although ISO 31000 or FMEA are not required, familiarity with risk-based approaches of some type will help.
Auditors will need to identify interested parties (e.g. customers, shareholders, board members, competitors, and regulators), what their relevant interests might be, and the risks as it relates to the organizational context.
Once you feel comfortable that your ISO Quality Management System is operating and functional, you are ready to contact an ISO 9001 Registrar and set up an audit for ISO 9001 Certification.
Download a Free example procedure from the ISO 9001 Quality Procedure Manual.