Volume 9 · Issue 2 · February 2004
Contents
The ABCs of QMS Management
What Is Your Next Step With ISO 9001:2000
Fact: The ISO 9001:2000 transition ended on December
15, 2003.
Fact: Between 51.0% and 77.5% of all US organizations
registered to ISO 9001:2000 are likely to have their first surveillance
audit for conformity with the new standard between now and June 2004.
And between now and December 2004, up to 90.8% of registered organizations
will have had only two surveillance audits by their quality management
system (QMS) registrar.
If your organization is among the vast majority that made the transition
to ISO 9001:2000 since June 2003, are you—and your organization’s
QMS—prepared for those audits?
The expectation is that, when the dust has settled and the final registration
numbers are known, approximately 95% of US organizations previously registered
to ISO 9001/2/3:1994 have replaced those certificates with ones for ISO
9001:2000 or sought a sector registration that involves ISO 9001:2000
conformity or eventually will. For those of you who made the ISO 9001:2000
transition, the first question you may want to ask now that the transition
is over is: So, what happens now?
From both a requirements and opportunity standpoint, that is the wrong
question, because it conveys passivity. But your organization cannot be
passive—waiting for something to happen to it—if it is going
to maintain its ISO 9001:2000 registration, never mind survive as a going
concern. Your organization and its QMS will face surveillance audits from
its registrar in the coming months, and the likelihood is that those surveillance
audits will become more challenging over time for some organizations.
Why? Because ISO 9001:2000 explicitly requires your QMS and organization
to do things that the registrar auditors will eventually expect to see
evidence of. And the expectations of your customers will be increasing
as well.
In reality, the question you need to be asking 3, 6, 9 and 12 months
(and so on) after your organization completed the transition is: So, what
do we do now? If it has not already, your organization will face those
QMS surveillance audits in the next few months, which will seek evidence
of conformity with the 2000 edition of ISO 9001. ISO 9001:2000 specifically
requires two things the 1994 editions of ISO 9001/2/3 did not: customer
satisfaction and continual improvement of QMS effectiveness.
Those involved in developing ISO 9001/2:1994 will tell you that these
were always expected results if you really followed through on what the
1994 standards required, but ISO 9001:2000 is explicit in its requirements.
The problem is knowing how to satisfy these requirements and how soon
the registrar’s auditors will expect to see evidence of your organization’s
success in satisfying them. The reality is that some registrar auditors
do not yet fully understand the concept of a process approach-based QMS
and how to audit it, but experience and persistence will equip many of
them to conduct upcoming surveillance audits with an eye for what constitutes
conformity to these and other requirements and what does not.
In the past, maintaining registration to ISO 9001/2:1994 meant that you
could keep the QMS pretty much as it was and that was enough to satisfy
the auditors, but the following clauses/subclauses of ISO 9001:2000 include
requirements that mean the registrar auditors—and your organization’s
internal auditors—should be looking for activity aimed at management
of that management system and change:
- 5.2, Customer Focus—“with the aim of enhancing customer
satisfaction”
- 5.3, Quality Policy—“includes a commitment to comply with
requirements and continually improve the effectiveness of the [QMS]”
- 5.4.1, Quality Objectives—“The quality objectives shall
be measurable and consistent with the quality policy.”
- 5.6.1, Management Review—General—“This review shall
include assessing opportunities for improvement and the need for changes
to the [QMS], including the quality policy and quality objectives.”
- 5.6.2, Review Input—“The input to management review shall
include information on a) results of audits, b) customer feedback, c)
process performance and…g) recommendations for improvement.”
- 5.6.3, Review Output—“The output from the management
review shall include any decisions and actions related to a) improvement
of the effectiveness of the [QMS] and its processes, b) improvement
of product related to customer requirements,….”
- 7.2.3, Customer Communications—“The organization shall
determine and implement arrangements for communicating with customers
in relation to…c) customer feedback, including customer complaints.”
- 7.4.1, Purchasing Process—“The organization shall evaluate
and select suppliers based on their ability to supply product in accordance
with the organization’s requirements. Criteria for selection,
evaluation and re-evaluation shall be established.”
- 8.1, Measurement, Analysis and Improvement—General—“The
organization shall plan and implement the monitoring, measurement, analysis
and improvement processes needed a) to demonstrate conformity of the
product, b) to ensure conformity of the [QMS], and c) to continually
improve the effectiveness of the [QMS].”
- 8.2.1, Monitoring and Measurement—Customer Satisfaction—“As
one of the measurements of performance of the [QMS], the organization
shall monitor information relating to customer perception as to whether
the organization has met customer requirements.”
- 8.2.2, Internal Audits—“The organization shall conduct
internal audits at planned intervals to determine whether the [QMS]
a) conforms to the planned arrangements, to the requirements of [ISO
9001:2000] and to the [QMS] requirements established by the organization,….”
- 8.2.3, Monitoring and Measurement of Processes—“The organization
shall apply suitable methods for monitoring and…measurement of
the [QMS] processes. These methods shall demonstrate the ability of
the processes to achieve planned results.”
- 8.4, Analysis of Data—“The organization shall determine,
collect and analyse data to demonstrate the suitability and effectiveness
of the [QMS] and to evaluate where continual improvement of the effectiveness
of the [QMS] can be made…. The analysis of data shall provide
information relating to a) customer satisfaction…, c) characteristics
and trends of processes and products including opportunities for preventive
action,….”
- 8.5.1, Continual Improvement—“The organization shall
continually improve the effectiveness of the [QMS] through the use of
the quality policy, quality objectives, audit results, analysis of data,
corrective and preventive actions and management review.”
These 14 instances specify requirements that expect your organization
to manage its processes in a way that leads to changes that represent
effective business management, not just quality management. However, it
is up to you and your organization as a whole to manage that system and
to pursue change after completing the ISO 9001:2000 registration process
that will not just satisfy the registrar auditors on the next surveillance
audit, but will produce a return on the investment made to implement and
transition the QMS and obtain/retain registration. Without that, you might
face the loss of the ISO 9001:2000 registration certificate, and you will
certainly lose the opportunity to improve business performance, process
efficiency, customer satisfaction and the product itself in doing what
is required for registration.
This article will not begin to examine the clauses and subclauses listed
above from a “post-transition” perspective, but it will put
the concepts into perspective with the expectation that the examination
will occur through the months ahead from a number of different perspectives.
However, it may help to put what your organization must—and really
needs to—do into some sort of focus.
The ABCs of QMS Management
Yes, it makes a catchy title, but it means a lot more if you
seek to capture the concepts behind effective use of ISO 9001:2000 registration.
Obtaining the certificate simply means your QMS conforms with minimal
requirements that everyone else registered to ISO 9001:2000 is meeting.
Nothing has actually changed in this light from the 1994 and 1987 editions
of ISO 9001/2/3—you are still using a standard to set up a system,
and that system needs to be customized so that it really meets your organization’s
needs and fits the corporate culture so that employees and management
can understand it and will find it helpful to follow.
As noted above, ISO 9001:2000 specifically requires proactive efforts
through the QMS to make the system more effective over time (i.e., you
have to manage the management system so that it improves) and this will
result, with management commitment to and effective use of the QMS, in
enhanced customer satisfaction.
Are there really ABCs for QMS management? Actually, your organization
has to meet all the requirements (and more) in the clauses and subclauses
of ISO 9001:2000 listed above, but the following may serve as a good way
to remember some of those key requirements and tools:
- A—Analysis (of data), Auditing
and Actions (Corrective and Preventive)—These
are three of the key activities an organization must take to both maintain
and manage the system and to pursue its improvement as well as enhanced
customer satisfaction. They are requirements, but they represent tools
that go beyond mere conformity. In this issue is one article on auditing
and one on the use of management systems to manage risk.
- B—Baseline, Benchmarking and
Bottom-Line—These are three measurements and
measurement tools that provide the basis for improvement. If you don’t
know where you are starting from—your organizational baseline—it
will be difficult to know what needs attention first, where opportunities
lie and what has been achieved as a result of improvement efforts. Benchmarking
is a means of determining what opportunities for improvement might be
available to your QMS and organization by measuring your organization
against similar and/or very different organizations. If your organization
is in business to make money so as to make employees, suppliers, owners
and investors “satisfied customers”, the QMS must be maintained
and improved so that its bottom-line benefits. Therefore, you need to
measure performance improvement in terms of the impact on the bottom-line,
including consideration of the negative impacts on the bottom-line if
the QMS had not been in place and effective.
- C—Commitment (of Top Management), Continual
Improvement and Customer Satisfaction—These are
three outcomes your QMS must produce to meet and exceed ISO 9001:2000’s
requirements, both to satisfy the registrar auditors to make implementation
and registration worth the investment. You may be surprised to see commitment
of Top Management to the QMS as a desired outcome, but this is how you
need to be thinking about the QMS if you are the management representative,
an auditor or even a process owner. The QMS has to be a value-adding
tool for the organization to use and one that even the busiest employees
will not find a burden to adhere to, but rather a way of doing things
that will lift some of the burden of their workloads through increased
efficiency. How do you achieve these outcomes with a QMS? There are
many ways, and one of them begins with a B (Baldrige criteria).
There is one more C that needs to be mentioned: Communication.
THE OUTLOOK will be seeking out and developing articles in coming
months to address ISO 9001:2000 usage in the post-transition world, particularly
in light of the ABCs, but there are many topics to cover. It is up to
you, the reader, to communicate with THE OUTLOOK in two ways
to make the outcome worth the investment in ISO 9001:2000.
First, communicate what issues and/or tools you need to see addressed,
which will help guide content development in future issues so that your
needs are met. If there is a topic that is causing you trouble or that
you want to learn more about, communicate that need.
Second, communicate your willingness to be a contributor to the coverage
on QMS management. If your organization has used quality management tools,
you are encouraged to contact THE OUTLOOK about serving as a
case study or providing your observations about your organization’s
experiences with the tools.
You can contact Jim Mroz, the Senior Editor, by e-mail (INFORMintl@aol.com)
or phone (703-239-9044) to discuss issues and tools or to contribute your
insights. The future is yours to make and it is never too late to communicate.