If your goal is ISO certification, the best method is to create a compliant QMS in stages. We have discussed getting your ISO 9001 Quality Management System (QMS) implementation off the ground. Now we will discuss the second stage, continual improvement. What is continual improvement in ISO?
In phase I, we described how, after creating the project plan , you lay the foundation in phase one of your ISO Implementation project:
- Become familiar with the ISO 9001 QMS Requirements
- Identify key QMS processes and their interaction
- Create drafts of the Quality Manual, Quality Policy, and Policy Objectives
- Write a draft of Document and Record Control Procedures
After completing these tasks (delineated in Clause 4 of the ISO 9001 Standard), the next crucial step in implementing an ISO 9001 QMS is to create the continual improvement processes as described in Clause 10 of the standard. In terms of Clause 10 improvement primarily consists of Corrective Action.
After putting the basic components of the general QMS requirements in place during phase 1, in phase 2 the focus is on continual improvement because it is the continual improvement processes of the ISO QMS that provides value and benefit to your organization. So, in order to gain these benefits as soon as possible, start putting these processes in place and practicing them.
Much as was described for the critical QMS processes in phase one, sketch out your continual improvement processes. Ask questions such as: How will using Corrective Actions benefit the organization? Who are the process owners? What are inputs and outputs? Are certain departments integral to continual improvement or should everyone get into the act? Of course, when resolving such questions, it is a good idea to involve the ISO Strategy Team. They can provide perspectives from various departments or segments of the organization.
Once you have a continual improvement process sketched out, create a procedure. Remember, it is better to document a process in the way you are capable of doing it, not how you think it should be done in a perfect world. After you have a draft procedure, train the involved staff and start executing the process. You don’t have to wait until the procedure is finalized or the ISO QMS is fully implemented to start executing Corrective Actions, for example. This is a great opportunity to learn and implement practices that are effective while ditching things that don’t work and while you can easily update your draft documentation.
In fact, the most common mistake organizations make when implementing an ISO 9001 procedures manual is over-documenting: writing too many procedures that end up not followed, not used, not updated, and not correct. So it is important to note that I list writing procedures as an important step for these continual improvement processes because the ISO Standard requires them. (Note: ISO 9001:2015 has no required procedures. It only requires that you have documented information and data to show that you are in control of your processes.)
One important note: I mentioned writing procedures. Corrective Action, Non-Conforming Material, and Internal Audit encompass the continual improvement process and they used to be required procedures for ISO 9001:2009, but in ISO 9001:2015 they are not required. You don’t have to write a procedure to describe every process.
Corrective Action is the process you use to fix the root causes of problems. They could be internal process problems (office or production), product problems, or even problems with the QMS. There are some basic steps that have to be included:
- Fix any current problems
- Investigate root causes and solutions,
- Make necessary corrections and improvements, and then
- Verify they are effective by ensuring the problem doesn’t reoccur.
Risk-based Thinking is the process of making improvements before a problem occurs to prevent defects from happening. Frequently organizations struggle with preventing defects; perhaps because they envision a preventive action as being something big or major. That doesn’t have to be the case. Small improvements prevent problems as well. So the real goal for the preventive action process is to create a system that documents all improvements – big and small. That is what risk-based thinking is — it’s preventing risks from occurring.
Nonconforming Product is where you log defects found either in receiving inspection, manufacturing, or customer returns. Each defect is non-conforming to a requirement and needs to be logged, isolated from good conforming product, and a disposition determined, which could lead to a corrective action.
Internal Audits are used like instruments to measure the effectiveness of the ISO 9001 QMS. Of course, your internal audit team will need training and to understand the ISO 9001 QMS Requirements, so an Internal Auditor Class may be helpful. With an internal audit procedure and audit training you can start auditing the ISO 9001 QMS even though the system isn’t fully implemented. But it provides ISO 9001 auditing practice and generates required audit records. The audit findings are also entered into the corrective action process so we can practice doing corrective actions.
Since the ISO 9001 QMS is still being implemented, some records and documents may not be available for audits. Auditors can start, however, by auditing processes put in place implementing phase one. We can use the internal audit program to continually improve our growing ISO 9001 QMS.
Auditors will need to identify risk concepts, tools, or methods for risk analysis and management. Although ISO 31000 or FMEA are not required, familiarity with risk-based approaches of some type will help.
Auditor skills require customer and market risk
Auditors will need to identify interested parties (e.g. customers, shareholders, board members, competitors, and regulators), what their relevant interests might be, and the risks as it relates to the organizational context.
Addressing Risk Based Thinking
Clause 6 is about planning for quality and what might bring unexpected non-conformances – in other words – risks. There are many ways to plan on risk. ISO 31000:2009 Risk Management provides a standard on risk management for public or private companies. It provides a framework for managing risk that start with risk assessment, treatment, procedures, through to monitoring risk performance.
The common method is to use Failure Mode Effects Analysis or FEMA to identify, quantify, and priorities your risk. Procedure QP0600 Risk and Opportunities Management provides an explanation of how to perform a FEMA.
True quality is about risk prevention – designing in quality – and not corrective action. Your quality system strives for zero defects. How do you know your quality system is working, when you aren’t getting any defects? In this case, you might measure near misses and convert them into a risk measure for continuous improvement.
Additional ISO System Components of Continual Improvement
Other pieces of continual improvement include customer satisfaction and analysis of data. While there are no required procedures or records associated with them, you still need to have defined processes for capturing data about customer satisfaction, and for regularly collecting and analyzing data from the critical processes identified in the Quality Manual.
After all, improvement is the whole point of implementing the ISO 9001 QMS, and one key to improvement is to set objectives for your processes and then regularly compare actual results to the objectives, and then taking action to correct deficiencies.
Now you have completed phase two of ISO implementation by putting in place your continual improvement processes.