ISO 9001 Standard - ISO 9001 Standards

Read more on ISO 9001 Standard at http://www.iso9001store.com

Software Development in an ISO 9000 company

ISO 9001:2008 standard defines requirements for a process-oriented Quality Management System. This means that desired results are achieved more efficiently when the related resources and activities, together with encompassing customer needs and satisfaction, are managed as a process. Quality Management System is specified in a Quality Manual document featuring a three-tier structure, which consists of Quality Processes (including Quality Policies), Quality Procedures and Work Instructions.

The problem is that Work Instructions are sometimes too bureaucratic. A good example of that approach is Tricker’s book on ISO 9000. According to it, a Work Instruction takes about 16 pages. Half of them contains purely administrative data (document data sheet, distribution list, amendments, list of annexes etc.). That makes the whole Quality Management System documentation superfluously thick.

Another drawback of Tricker’s approach is form-orientation: Work Instructions focus on how to fill-in the forms used by the Quality Procedures. What we propose is to make Work Instructions shorter (some elements can be omitted, some, e.g. terminology, can be put together and placed in one section). Moreover, Work Instructions should describe practices specific for a given methodology of

software development.

In our opinion, quality organization needs two things: general Quality Management System operating on a high abstraction level and a Thesaurus (knowledge database), which should materialize company’s knowledge. In the thesaurus templates of e.g. Quality Plans, historical data concerning past projects etc can be deposited. This information will be indispensable during planning and improving software processes.

The clauses of ISO 9001:2008 can be split into two parts. One part describes the general Quality Management System (chapters 4, 5, and 6) while the other part specifies requirements for a methodology to be adopted by an ISO-9000 company (chapters 7 and 8 of ISO 9001:2008). In the remaining part of the paper we will focus on requirements imposed by chapters 7 and 8 of the ISO 9001:2008.

ISO 9001:2008 standard defines requirements for a process-oriented Quality Management System. This means that desired results are achieved more efficiently when the related resources and activities, together with encompassing customer needs and satisfaction, are managed as a process. Quality Management System isspecified in a Quality Manual document featuring a three-tier structure, which consists of Quality Processes (including Quality Policies), Quality Proceduresand Work Instructions. The problem is that Work Instructions are sometimes too bureaucratic. A good example of that approach is Tricker’s book on ISO 9000. According to it, a Work Instruction takes about 16 pages. Half of them contains purelyadministrative data (document data sheet, distribution list, amendments, list of annexes etc.). That makes the whole Quality Management System documentation superfluously thick.

Another drawback of Tricker’s approach is form-orientation: Work Instructions focus on how to fill-in the forms used by the Quality Procedures. What we propose is to make Work Instructions shorter (some elements can be omitted,some, e.g. terminology, can be put together and placed in one section). Moreover,Work Instructions should describe practices specific for a given methodology ofsoftware development.In our opinion, quality organization needs two things: general Quality Management System operating on a high abstraction level and a Thesaurus (knowledgedatabase), which should materialize company’s knowledge. In the thesaurustemplates of e.g. Quality Plans, historical data concerning past projects etc can be deposited. This information will be indispensable during planning and improving software processes. The clauses of ISO 9001:2008 can be split into two parts. One part describes the general Quality Management System (chapters 4, 5, and 6) while the other part specifies requirements for a methodology to be adopted by an ISO-9000 company (chapters 7 and 8 of ISO 9001:2008). In the remaining part of the paper we will focus on requirements imposed by chapters 7 and 8 of the ISO9001:2008.

Why Implement ISO 14001 Environmental Management System?

All business, regardless of size and activity, has some impact on the environment. An Environment Management System (EMS) is a tool that allows a company identify and address their particular environmental impacts.

Environmental issues should not be considered in isolation to other management issues. By adopting an EMS a company is making a commitment to incorporate environmental issues into existing management systems.

Environmental management is based on the concept of continuous improvement in environmental performance over time. An EMS will continuously change as a company changes, for example as a business expands and takes on new staff. The EMS must also take account of external factors, such as changes in environmental legislation, technology, and market competition.

Ultimately the aim of the environmental management approach adopted by a company is to prevent or minimise the environmental impacts of operations, while retaining competitiveness. Environmental management is more than simply managing environmental impacts after they are created. Effective environmental management should aim to prevent or minimise the environmental impacts in the first place.

All companies are under increasing pressure to ensure the proper management of the environmental impacts of their activities. Small businesses are subject to increasingly stringent environmental legislation, reflecting the increasing importance of environmental issues in political debate. Customers, suppliers, staff and the general public increasingly demand a commitment from business to better manage the environmental impacts of their activities.

Benefits of an EMS include:

- Cost savings from reduced raw material and resource consumption, e.g. better management of your energy and water needs and consumption.

- Reduced waste collection, treatment and disposal costs.

- Compliance with legal obligations.

- Reduced risk and liability associated with poor environmental performance.

- Improved relationships with key stake holders e.g. customers, suppliers, staff, regulatory authorities and local communities.

ISO 14001 – Application to Small and Medium Size Enterprises

ISO 14001 – Application to Small and Medium Size Enterprises

Most of the development and application of EMS has taken place in large companies. The use of such systems in small and medium-size enterprises (SMEs) has been limited—although it is in this segment of industry that some of the largest benefits might be anticipated, because of the difficulty of regulating large numbers of small firms and the potential efficiency improvements that are believed to exist. In practice, however, the characteristics of the typical SME make the adoption of EMS difficult: most SMEs do not have a formal management structure, they lack technically trained personnel, and they are subject to severe short-term pressures on cash flow.

Anecdotal evidence indicates that an EMS cannot be used to drive improved performance in a poorly organized SME. Targeted training in management and quality control can improve overall performance, including its environmental aspects, and can provide a basis for more specific EMS development. Many firms can reap significant benefits from introducing quality management concepts, even where they are not aiming at formal certification. Any steps in this direction should be encouraged.

An EMS, as normally envisaged, builds on existing production and quality management systems. Where such systems are weak or ineffective, as is often the case in enterprises that have poor environmental performance, a better management framework has to be established before focusing on the details of the EMS. The costs of establishing an EMS will therefore obviously depend on the starting point in terms of both management systems and environmental performance.

The ecoefficiency savings can, in some cases, pay for the costs of establishing the EMS, particularly if most of the planning and organizational work is carried out in-house. However, a poor performer will very likely have to invest in production upgrading or pollution control in order to meet environmental requirements, and these costs can be significant.

A full EMS can be complex and can require an appreciable commitment of operational resources.

However, the final system can be reached reasonably through a series of discrete steps, starting from a basic, simple procedure and becoming more comprehensive and sophisticated as capabilities and resources allow. In this way, even a small enterprise can begin to put in place the basic elements of an ISO 14001 system and can develop them at an appropriate pace. Once the basic EMS is in place, it is possible to carry out a gap analysis and to make a balanced judgment on the costs and benefits of seeking certification.

A related issue is the coverage of the EMS. Certification is normally for specific sites or facilities.

A large enterprise may have a number of different sites and production facilities and may choose to seek certification only for a subset of the sites.

Role of Governments In ISO 14001 Standards

Role of Governments In ISO 14001 Standards

Although ISO 14000 is a set of voluntary standards that individual companies may or may not choose to adopt, governments can clearly have a role in providing information, establishing the necessary framework and infrastructure, and, in some cases, helping companies to develop the basic capabilities to adopt ISO 14000. There are two particular areas in which government action would be useful: (a) providing information on the sectors and markets where ISO 14001 certification is a significant issue and assisting sector organizations to develop appropriate responses, and (b) helping to establish a certification framework, based on strengthening national standards organizations and encouraging competitive private sector provision of auditing and certification services. At present, the World Bank is having discussions with a number of countries about how assistance could be provided with these issues.

Governments should see EMS approaches as part of a broad environmental strategy that includes regulatory systems, appropriate financial incentives, and encouragement of improved industrial performance. Such encouragement can really only be effective where there is cooperation at the government level between the relevant departments, including industry and trade, as well as environment. There is a growing interest in integrating environmental management issues into productivity or competitiveness centers designed to promote SME performance, but little information exists on experience to date.

Role of Governments In ISO 14001 Standards

Role of Governments In ISO 14001 Standards

Although ISO 14000 is a set of voluntary standards that individual companies may or may not choose to adopt, governments can clearly have a role in providing information, establishing the necessary framework and infrastructure, and, in some cases, helping companies to develop the basic capabilities to adopt ISO 14000. There are two particular areas in which government action would be useful: (a) providing information on the sectors and markets where ISO 14001 certification is a significant issue and assisting sector organizations to develop appropriate responses, and (b) helping to establish a certification framework, based on strengthening national standards organizations and encouraging competitive private sector provision of auditing and certification services. At present, the World Bank is having discussions with a number of countries about how assistance could be provided with these issues.

Governments should see EMS approaches as part of a broad environmental strategy that includes regulatory systems, appropriate financial incentives, and encouragement of improved industrial performance. Such encouragement can really only be effective where there is cooperation at the government level between the relevant departments, including industry and trade, as well as environment. There is a growing interest in integrating environmental management issues into productivity or competitiveness centers designed to promote SME performance, but little information exists on experience to date.

Guidance on Clause 4.2 of ISO 9001:2008

Guidance on Clause 4.2 of ISO 9001:2008

The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.

a) Documented statements of a quality policy and objectives:

Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.

Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).

Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.

b) Quality Manual:

Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS

A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.

Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.

The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.

c) Documented procedures:

ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:

4.2.3 Control of documents

4.2.4 Control of records

8.2.2 Internal audit

8.3 Control of nonconforming product

8.5.2 Corrective action

8.5.3 Preventive action

These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3 Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.

Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.

Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.

d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:

In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:

- Quality policy (clause 4.2.1.a)

- Quality objectives (clause 4.2.1.a)

- Quality manual (clause 4.2.1.b)

There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples

may include:

- Process maps, process flow charts and/or process descriptions

- Organization charts

- Specifications

- Work and/or test instructions

- Documents containing internal communications

- Production schedules

- Approved supplier lists

- Test and inspection plans

- Quality plans

All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable

e) Records:

Examples of records specifically required by ISO 9001:2008 are presented in Annex B.

Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.

Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.