First established by the International Organization for Standardization back in 1987, ISO9000 is set of standards designed to give organisations a framework to guarantee a high level of customer and stakeholder satisfaction. In pursuit of this aim, ISO 9000 lays out 7 principles that organizations should adhere to in order to create a robust quality management process.
ISO 9001 is the certifiable part of the ISO 9000 family, and details the criteria interested organisations must meet in order to achieve ISO 9001 certification. Globally recognised and relevant to organizations in all sectors, ISO 9001 certification has been achieved by over 1 million organizations worldwide, and is believed to be the pre-eminent set of quality management system standards globally.
What is a Quality Management System (QMS)?
A quality management system is a set of business processes (plus supporting documentation) established with the aim of guaranteeing products or services meet a required standard. Designed to optimise business activities, a quality management system should be guided by two primary aims: constant improvement and client/stakeholder satisfaction. A QMS strives for excellence of outcome while also considering constraints, such as regulatory pressures, resource limitations and ongoing costs.
How to create an ISO 9001 compliant QMS
Now that we have the basics covered, let’s look deeper at what ISO 9001 stipulates in terms of constructing a sound quality management system. We’re going to examine the most recent version of the standard – ISO 9001:2015.
Before ISO 9001 sets out the certification criteria, it introduces a series of concepts that are central to developing a QMS that delivers on its objectives. These include:
The Process Approach. This encourages organizations to consider their internal processes, how these processes interact with one another and the resource inputs and actions that each entail. The aim of this concept is to encourage the ‘mapping out’ of processes in order to shine a light on the structures, inputs and variables most critical to delivering the desired high-quality end product or service.
Risk-based thinking. This concept urges organisations to consider the risks inherent in their business processes, whether these risks are tolerable or manageable and determine whether the reward on offer warrants the risks involved. ISO 9001 calls for a formal, documented risk management process, which takes into account threats faced and the mitigatory steps that are to be taken to manage these risks.
The PDCA cycle. The ‘plan, do, check, act’ cycle stresses the importance of continual process improvement, and recommends a simple, four stage process for introducing organisational changes. ‘Plan’ involves considering objectives, the parties involved and operational constraints, ‘do’ involves introducing the planned changes, ‘check’ involves assessing the outcome of changes and ‘act’ concerns taking corrective measures to achieve the desired outcome where needed. Each of the 7 requirement categories (which we’re about to cover) of ISO 9001 fall somewhere onto this cycle.
What requirements does ISO 9001 specify?
ISO 9001:2015 is divided into 10 clauses, 7 of which are criteria for the standard. Clauses 1-3 are informational, so we shall skip these for the sake of brevity.
Clause 4: Context of the Organisation.
This clause requires organisations to consider the context of their operation in the broadest possible sense. Consideration should be given to internal context (employees, regulatory frameworks and contractual obligations), external context (market pressures, competition drivers and legal hurdles) as well as what ISO refers to as ‘interested parties’ – clients, suppliers, stakeholders, employees etc. The idea is that this process maps out the individuals and entities who have a stake in your organisation, as well as the operational constraints that will come to define the parameters of your quality management system.
Clause 5: Leadership.
Clause 5 sets out the duties of management personnel in successfully developing and implementing the QMS. Leaders should instate a quality policy document, allocate the resources required to achieve quality objectives, set objectives and assign responsibilities to others where appropriate.
Clause 6: Planning
The planning clause requires organisations to balance risk with reward, and explore ways to take action to mitigate risk without inhibiting opportunities. It also instructs on the establishment of ‘quality objectives’ which should support the aims of the quality policy document, and stresses the need to allocate resources, assign responsibilities, establish deadlines and evaluate results in ways that support these aims.
Clause 7: Support and Resources
This clause underlines the importance of having adequate resources in place to support the aims of the quality management system. Onus is placed on management to ensure the facilities, equipment, personnel and training needed to maintain quality objectives are made available. This clause also makes provisions for communication, pressing the need for organisations to institute robust communication strategies and channels.
Clause 8: Operations Control
These requirements set out the criteria for achieving a high quality end product or service by actioning the plans conceived in the previous 4 clauses. It also includes provisions for the deployment of process controls designed to steer live processes to the desired outcome. One such example might include ensuring alternative suppliers can step in to provide an input resource in the event of a main supplier failing to deliver.
Clause 9: Performance Evaluation and internal audit
This clause requires organisations to evaluate the outcomes of processes, comparing results to the quality objectives that have been set. This constitutes the ‘check’ phase of the PDCA cycle, and is a critical component in ensuring continual improvement. Prior to certification, this clause requires organisations to perform internal audits, ensuring the newly developed QMS meets both internal requirements and ISO 9001’s certification criteria.
Clause 10: Corrective actions
This clause relates to the ‘act’ phase of the PDCA cycle, and requires organisations to act to correct any deficiencies and process non-conformities discovered during the evaluation phase. These actions should seek to address issues at their base, and corrective procedures should be checked to ensure efficacy.
Hopefully this article has proved a useful summary of the ISO 9001 standard, and given some food for thought as to the organisational measures required for certification. In the following article we’ll examine some of the business benefits to achieving certification, as well as the role your IT system can play in the quality management process.