I've been auditing to ISO 9001 since 1992. A part of my auditing philosophy has been to add value to the audited organizations by suggesting opportunities for improvement. Following, I will describe the most effective “value adds.”
Look at ISO 9001:2000 subclause 8.5.1--"Continual Improvement." The statement of this requirement is “The organization shall continually improve the effectiveness of the quality management system (QMS) through use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive action, and management review. ...well-run quality organizations have innovative methods of communicating with their customers.”
There are three major ways subclause 8.5.1 can be improved. Who is responsible for compliance to this requirement? Top management should have the responsibility. Also, there is no requirement for a process to accomplish continual improvement. Finally, how does one measure the effectiveness of the quality management system? Without a defined measurement of effectiveness it will be difficult to show improvement.
As a “value add,” I suggest that the organization document an improvement program similar to that defined in TL 9000. Adder 8.5.1.C.1 in TL 9000 reads as follows: “The organization shall establish and maintain a documented Quality Improvement Program to improve: a) customer satisfaction; b) quality and reliability of the product, and c) other processes/products/services used within the organization.”
Two issues remain: the responsibility for the improvement program and measuring the effectiveness of the quality management system. I suggest specifically identifying top management as responsible and adding a quality objective for quality system effectiveness in subclause 5.4.1--"Quality Objectives." Top management should define a measure that could be as simple as an index developed from a balanced scorecard.
There are a number of ISO 9001 requirements that are aimed at better communication with customers and suppliers. Subclause 5.2--"Customer Focus," requires top management to “ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction.” This ties directly into subclause 7.2.1--"Determination of Requirements Related to the Product;" subclause 7.2.2.--"Review Requirements Related to the Product;" subclause 7.2.3--"Customer Communication;" and subclause 8.2.1--"Customer Satisfaction."
My experience with these requirements is that well-run quality organizations have innovative methods of communicating with their customers. Again, TL 9000 provides tools to use for improving customer communication. Adder 5.2.C.1--"Customer Relationship Development," requires top management's active involvement in relationship development; and adder 5.2.C.2--"Customer Communication Procedures," requires a strategy and criteria for customer selection, methods for sharing joint expectations and quality improvement of products, and regular joint reviews which include resolution of issues.
A key to customer communication is the use of an effective method for determining customer satisfaction. I've found this to be weak in many organizations. I get comments from the audited organization that they send out surveys and get very few responses. Also I hear “the number of customer complaints is down this month.” The “value add” that I usually provide is for the sales force to bring a copy of the surveys with them when they visit the customer and ask the customer to fill it out before they leave. This generally results in improvements in customer satisfaction information.
Communication with suppliers is also a key factor in well-run organizations. Subclause 4.1, General Requirements, requires organizations to ensure control over outsourced processes. I suggest to organizations that QMS planning, subclause 5.4.2, include inputs from suppliers, outsourced processes, and customers. The overall “value add” for communication with customers and suppliers is to find innovative ways of communicating with them as part of the planning process. This is especially important during the design and development of new products.
Subclause 4.1--"General Requirements," requires identification of the processes needed for the QMS; their sequence and interaction; methods of assuring their effectiveness; provision of necessary resources; and information required for their operation, monitoring, measurement, operation, analysis, and improvement of the processes.
I suggest improvements as follows: First, the organization should identify an owner who’s responsible for ensuring effective operation of each process. Second, the inputs and outputs of each process should be defined as part of the QMS. Third, in addition to the resources needed, the constraints on the operation of each process should be defined. Finally, the activities of each process should be identified in phases of plan, do, check, and act (PDCA). This will provide a tool for continual improvement of each process.
The process approach should also have an effect on internal auditing. Each audit should be developed based on the organization's processes. Process auditing built on PDCA provides a much more effective feedback mechanism than check-list audits. This is because organizations operate in terms of their processes and opportunities for improvement will be more readily identified when auditing these processes.
Product realization planning covers activities such as determining objectives and requirements for the product; establishing needed processes, documents, and resources; life cycle activities such as verification, validation, monitoring, inspection, and tests; and establishment of records that show that product requirements have been met. What is missing is a view of products (and services) over time.
The “value add” for product realization is to include a life-cycle model of the product (or service). TL 9000 adder 7.1.C.1--"Life Cycle Model," provides a good example of such a model. The framework identified in TL 9000 includes “the processes, activities, and tasks involved in the concept, definition, development, production, operation, maintenance, and disposition of the product.” TL 9000 also has separate adders describing "New Product Introduction" (7.1.C.2) and "End of Life Planning" (7.1.C.4)
Another aspect of product realization planning in TL 9000 that should be included in a QMS is "Disaster Recovery" (7.1.C.3). A whole variety of disasters should be considered. In addition to the natural disasters, there are problems such as homeland security issues, failure of manufacturing equipment, loss of computer systems, software virus attacks, and loss of key personnel.
Risk management has gained national prominence with the passage of the Sarbanes-Oxley Law. One aspect of the law is a requirement that an organization have a system of internal control, including a risk management element. Risk management should be added to ISO 9001, subclause 5.4.2--"Quality Management System Planning."
A leading risk for any organization today is the supply chain. A “value add” that I've suggested to clients is to add specific requirements on identifying supply chain risk to subclause 5.4.2 of ISO 9001.
Subclause 8.4 of ISO 9001 requires analysis of data gathered on customer satisfaction, conformity to product requirements, characteristics and trends of processes and products, and suppliers. This subclause provides opportunities for risk identification. The trends observed in the data are good predicators of future risks. They should be used as major inputs to the organization's risk analysis process. Identification of risks should lead to preventive actions managed using subclause 8.5.3 of ISO 9001.
The revision of ISO 9001 completed in 2008 is an amendment to the current standard. The changes are minimal and don’t address some of the needs of organizations wanting to extend their QMSs toward excellence.
During my years as an internal and external auditor I've identified additions to the QMSs that in fact added value. The few additions (“value adds”) to 9001 that I described in this article can improve the QMS and reduce risks to the organization. These additions should be considered by the standards committee drafting the next revision of ISO 9001.
This article first appeared in MasterControl Inc.'s web site.
Sandford Liebesman is president of Sandford Quality Consulting LLC, in Morristown, New Jersey, following more than 30 years of experience in quality at Bell Laboratories, Lucent Technologies, and Bellcore (Telcordia). He's an author of TL 9000, Release 3.0: A Guide to Measuring Excellence in Telecommunications, and Using ISO 9000 to Improve Business Processes. Liebesman, a fellow of ASQ and chairman of the ASQ electronics and communications division, is a member of ISO technical committee 176 and the ANSI Z-1 committee on quality assurance and a RABQSA International-certified ISO 9000 and TL 9000 lead auditor.
Sign In to get started!
