This is a sample from Chapter 5
Understanding ISO 9001:2000
Requirements for Quality Management Systems
________________________________________________________
4 QUALITY MANAGEMENT SYSTEM
4.2.2 Quality Manual
Establish and maintain a quality manual & include:
a) The scope of the QMS including details of and justification for any exclusions
b) The documented procedures (or references to them)
c) A description of interaction between QMS processes
Key Explanation Points and Tips:
Þ The quality manual is a special type of document that describes your QMS. Besides describing your QMS, your quality manual could provide information on organizational background and capabilities. It may be used by customers, regulatory bodies, suppliers and company personnel for a variety of purposes. There are many acceptable ways to document your quality manual.
Þ You must define the scope of your QMS in your quality manual. Your QMS scope should include - facilities (manufacturing and support locations), products, processes, Quality Management and other standards, etc. Customers will want to know the extent of your capabilities and the Registrar will want to determine the time and effort needed to audit your organization.
Þ Provide details of any clause exclusions from your scope, e.g. 7.3 Product Design and Development, and justification for it. You must justify all exclusions and remember, exclusions can only be made from clause 7.
Þ You have flexibility in whether or not to include your procedures and lower level documentation with your quality manual or organize them in some other fashion. You may include all or some of your procedures in your Quality Manual or reference them to your Quality Manual. Keep a listing or index at the front or back of your Manual showing the complete list of your procedures whether included or referenced.
Þ The practicality of all this would depend, of course, on the size of your organization, complexity of products and processes; competency of personnel, media used for documentation (hard copy versus computerized); ease of use and understanding by personnel; etc. So go ahead and organize your documentation to facilitate ease of use; availability and maintainability.
Þ Your quality manual must include a description of the interaction of your QMS processes. This was discussed above under clause 4.1
Þ As a controlled document (see 4.2.1), the quality manual is subject to all of the controls in clause 4.2.3.
4.2.3 Control of Documents
Control all documents required by your QMS
Have a documented procedure that defines controls needed to:
a) Approve the adequacy of documents prior to issue
b) Review, update as necessary, and re-approve documents
c) Identify changes to documents as well as identify their current revision status
d) Make relevant versions of applicable documents available at points of use
e) Maintain documents so that they are legible and readily identifiable
f) Identify documents of external origin and control their distribution
g) Prevent the unintended use of obsolete documents, and apply suitable identification to
these documents if they are kept for any purpose.
Records are a special type of document (controlled by requirements in clause 4.2.4)
Key Explanation Points and Tips:
Þ As mentioned in clause 4.2.1 notes, a document is information that is written or recorded on some medium such as paper or computer. A document may specify requirements (e.g. a drawing or technical specification); provide direction (e.g. quality plan); or show results or evidence of activities performed (e.g. records).
Þ Clause 4.2.1 tells you what documents you must include in your QMS. All documents that you determine under clause 4.2.1 to be needed for your QMS processes must be controlled. This clause 4.2.3 provides requirements on how these documents must be controlled. Documents outside the QMS need not be subject to these controls.
Þ This clause requires you to have a documented procedure. Your procedure must - define responsibility for and description of the controls required by 4.2.3 a - 4.2.3g; methods to measure process document control performance; and continual improvement of the document control process.
Þ Ensure that your procedure specifically addresses each of the control requirements, in terms of who, what when, where and how as applicable. Your procedure must address new and old as well as internal and external documents used by the QMS.
Þ You must approve all new QMS documentation prior to issue. Some degree of checking, examination or assessment is inherent in ‘approval for adequacy’. You must periodically determine if any updating or revisions of any QMS documentation is needed, and if they are changed, they must be re-approved for adequacy.
Þ The frequency of this review, responsibility and method must be defined in your procedure. This will be determined by events within your organization and how mature or recent your QMS is. Auditors will explore this if they find that your documents have not changed in years, while the nature of your business has changed significantly.
Þ Identify changes made to documents so users know exactly what has changed. There are many ways of doing this on printed as well as computerized documents. Your procedure must cover how this is done.
Þ Have a method for revision control such as a revision log and master-list of documents which identifies the current revision status. Again, there are other ways of doing this as well. Your procedure must cover how this is done.
Þ Not all documents need to be available everywhere within your organization. You must determine what document is applicable (i.e. needed to assure product or process quality) to a specific process or activity and make the relevant version of that document available to that activity, e.g. providing current packaging and shipping work instructions to the shipping department. Your procedure must cover how this is done.
Þ Once you determine that certain documents need to be made available at various locations, implement some form of distribution control. There are many ways to do this. One way would be to keep a distribution log. Your procedure must cover your form of distribution control.
Þ Documents can take a beating in very harsh environments (covered in oil, dust, acid eaten, weather-beaten, etc.) to the point of being illegible. You must regularly review the condition of frequently used hardcopy documents to determine whether they need to be replaced. Your procedure must cover how this is done.
Þ Documents must also be readily identifiable as to its purpose and scope. A simple heading may suffice, (e.g. In-process Inspection Sheet). Computerized documents are sometimes given file names that don’t identify its contents and this might require numerous files to be opened before you find the right one. Identification also implies effective filing for timely retrieval, whether manual or computerized. A frequent nonconformity is not being able to retrieve a document or record because of poor filing procedures.
Þ External documents (such as customer drawings or supplier material/part specifications) must be identified. There are many ways to do this. One way would be to keep a manual or computer list of these documents. Determine who needs these documents and have some form of distribution control. Your procedure must cover how this is done.
Þ Don’t overlook supplier, regulatory or industry documents. Apply applicable controls to these as well (4.2.3f).
ÞObsolete documents can cause many problems if not controlled. There are many ways to do this. One way would be to provide computerized documents in read-only mode and make only the current version accessible at workstation computer screens. Obsolete hardcopy documents can be removed through distribution control. Your procedure must cover how this or other methods are used.
Þ Ensure your procedure also covers methods to disallow unauthorized and unapproved or incorrect documents from being created, used or distributed.
Þ If documents are archived, make sure that all such documents are properly identified, indexed and filed, and preferably have controlled or restricted access to them. Again your procedure must cover how this is done.
Þ Nonconformities against the document control process are one of the most frequent audit findings. Develop appropriate performance indicators to demonstrate effective implementation of your document control process. Examples include - number of obsolete or unauthorized documents found being used; number of unauthorized changes found; number of instances documents were not available at points of use; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your document control process.
Þ As mentioned in clause 4.1, use the PDCA to plan, implement, measure and improve your document control process. Your procedure should describe this approach.
4.2.4 Control of Records
Establish and maintain records as evidence that your QMS conforms to requirements and that your QMS is being operated effectively.
Establish a documented procedure that controls how you identify; store; protect; retrieve; retain and dispose of records.
Keep your records legible, readily identifiable, retrievable.
Note - disposition includes disposal; and records include customer-specified records
Key Explanation Points and Tips:
Þ A record is a special type of document that provides written evidence of results achieved or activity performed (e.g. an inspection record).
Þ Records provide one of the strongest forms of evidence of maintaining and demonstrating the effectiveness of your QMS. Ensure that your documented procedure for control of QMS records addresses each of the control requirements specified in this clause, in terms of who, what when, where and how. These controls apply to all QMS records whether they are hardcopy or computerized.
Þ ISO 9001 calls for many records. Some records are specified, while others are implied. The onus is on you to demonstrate or provide evidence (records) of conformity to requirements, whether the specific clauses ask for records or not. As we go through the clauses, I will identify specific and implied records. Make a list for yourself as we go along.
Þ Requirements for records may originate from the customer, regulatory, industry, or within your organization. Ensure you maintain records to conform to all of these as applicable. Records may also come from suppliers and outsourcers. All these records are subject to the above controls.
Þ The comments under document control regarding legibility, being identifiable and retrievable apply equally to QMS records.
Þ Readily identifiable - relates to easily determining the purpose and scope of the record, e.g. an inspection record for a product at final inspection. The design of QMS records must prevent confusion or ambiguity in the completion and use of records. Records must be written legibly to be useful. Also make sure that they are not exposed to unauthorized change or alteration.
Þ For the duration that they are kept, store records in locations and mediums that will protect against unauthorized access and environmental damage - (covered in oil, dust, acid eaten, weather-beaten, etc.). Regularly review the condition of records. The indexing and filing of records (hardcopy or computer) must ensure easy retrieval.
Þ Keep a listing of all the different categories of records and define the retention times associated with each category (inspection and test; sales and purchasing; management review; calibration; training; etc). Retention times are typically determined by customer, regulatory, industry or organizational requirements and policies.
Þ Records must eventually be disposed off once past their defined retention times. Disposition could range from permanent destruction of records to permanent storage in a secure onsite or off-site archive. The intent here is to remove the risk of inadvertent use and availability for current activities and unauthorized access. Depending upon the industry, specific records may be kept indefinitely.
Þ There are some who would argue that disposition means the permanent destruction of records. The ISO ‘Guidance on terminology” defines disposition as the action of getting rid of or making over, to arrange, a putting in order. This supports the interpretation I have taken.
Þ Nonconformities against the process for control of records arise frequently. Develop appropriate performance indicators to demonstrate effective implementation of your record control process. Examples of indicators could include - number of instances of inability to retrieve records; amount of time spent looking for records; number of instances of incomplete records; number of instances of damaged records found; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your record control process.
Þ As mentioned in clause 4.1, use the PDCA to plan, implement, measure and improve your process for record control. Your procedure should describe this approach.
TOP
2006 © Copyright Ask Art Solutions 905-593-8867 Mississauga, Ontario