ISO 9001:2008 for Small Businesses, Fourth Edition

Citation preview

ISO 9001: 2008 for Small Businesses

About the Author

Ray Tricker (MSc, IEng, CMan FIET, FCMI, FCQI, FIRSE) is the Principal Consultant of Herne European Consultancy Ltd (a company specialising in Quality, Environmental and Safety Management Systems) and is also an established Butterworth-Heinemann author (37 including this one). He served with the Royal Corps of Signals (for a total of 37 years) during which time he held various managerial posts culminating in being appointed as the Chief Engineer of NATO’s Communication Security Agency (ACE COMSEC). Most of Ray’s work since joining Herne has centred on the European Railways. He has held a number of posts with the Union International des Chemins de fer (UIC) [e.g. Quality Manager of the European Train Control System (ETCS)] and with the European Union (EU) Commission [e.g. T500 Review Team Leader, European Rail Traffic Management System (ERTMS) Users Group Project Co-ordinator, HEROE Project Co-ordinator] and currently (as well as writing books on diverse subjects such as Optoelectronics, Medical Devices, ISO 9001:2000, Building, Wiring and Water Regulations for Elsevier under their Butterworth-Heinemann and Newnes imprints!) he is busy assisting Small Businesses from around the world (usually on a no cost basis) to produce their own auditable Quality and/or Integrated Management Systems to meet the requirements of ISO 9001:2008, ISO 14001 and OHSAS 18001. He is also a UKAS Assessor for the assessment of certification bodies for the harmonisation of the Trans-European, High Speed, Railway Network. Recently he has been appointed as the Quality, Safety and Environmental Manager for the Project Management Consultant overseeing the multi-billion Dollar Trinidad Rapid Rail System. One day he might retire! To Lalita with Love – As Always

ISO 9001: 2008 for Small Businesses (Fourth Edition)

Ray Tricker

AMSTERDAM  BOSTON  HEIDELBERG  LONDON  NEW YORK  OXFORD PARIS  SAN DIEGO  SAN FRANCISCO  SINGAPORE  SYDNEY  TOKYO Butterworth-Heinemann is an imprint of Elsevier

Butterworth-Heinemann is an imprint of Elsevier Linacre House, Jordan Hill, Oxford OX2 8DP, UK 30 Corporate Drive, Burlington, MA 01803, USA First published 1997 Reprinted 1997, 1998, 1999, 2001 Second edition 2001 Reprinted 2001, 2002, 2003 Third edition 2005 Fourth edition 2010 Copyright Ó 2010, Ray Tricker. Published by Elsevier Ltd. All rights reserved. The right of Ray Tricker to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988. Permission to reproduce extracts from ISO 9001:2008 is granted by BSI on behalf of ISO under Licence No. 2009ET0048. No part of this publication may be reproduced in any material form (including photocopying or storing in any medium by electronic means and whether or not transiently or incidentally to some other use of this publication) without the written permission of the copyright holder except in accordance with the provisions of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London, England W1T 4LP, UK. Applications for the copyright holder’s written permission to reproduce any part of this publication should be addressed to the publisher. Permissions may be sought directly from Elsevier’s Science and Technology Rights Department in Oxford, UK. Tel.: (144) (0) 1865 843830; fax: (144) (0) 1865 853333; e-mail: permissions@ elsevier.co.uk. You may also complete your request on-line via the Elsevier Science homepage (http://www.elsevier.com), by selecting ‘Customer Support’ and then ‘Obtaining Permissions’. British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library. Library of Congress Cataloguing in Publication Data A catalogue record for this book is available from the Library of Congress. ISBN–13: 978-1-85617-861-7 For information on all Elsevier Butterworth-Heinemann publications please visit our website at http://books.elsevier.com

Printed and bound in Great Britain 10 11 12 10 9 8 7 6 5 4 3 2 1

Contents

Foreword Preface Books by the Same Author

1.

The Importance of Quality to Small Businesses 1.1 1.2 1.3 1.4

1.5

1.6 1.7

2.

The Background to ISO 9000 2.1 2.2 2.3 2.4 2.5

2.6

.

The Importance of Quality Quality Control Quality Assurance Specifications 1.4.1 The Significance of Specifications 1.4.2 Types of Specification 1.4.3 Supplier’s Responsibilities 1.4.4 Purchaser’s Responsibilities Quality Assurance During a Product’s Life Cycle 1.5.1 Design Stage 1.5.2 Manufacturing Stage 1.5.3 Acceptance Stage 1.5.4 In-Service Stage Benefits and Costs of Quality Assurance Costs of Quality Failure 1.7.1 The Supplier 1.7.2 The Purchaser

What is ISO 9000? What National and International Standards are Available (and What is their Interoperability)? What about the Growth of Quality-Specific Standards? Who is ISO? What is the Background to ISO 9000 and its Current Status? 2.5.1 ISO 9000:1987 2.5.2 ISO 9000:1994 2.5.3 ISO 9001:2000 2.5.4 ISO 9001:2008 What are the Current ISO 9000 Standards? 2.6.1 ISO 9000:2005 Quality Management Systems – Fundamentals and Vocabulary

xi xv xix

1 1 4 4 6 6 7 9 10 12 12 15 16 16 18 19 20 21

23 23 25 29 31 32 32 33 33 36 36 37 v

vi

Contents

2.6.2

2.7 2.8

2.9

2.10 2.11

2.12

2.13

ISO 9001:2008 Quality Management Systems – Requirements 2.6.3 ISO 9004:2004 Quality Management Systems – Guidelines for Performance Improvement Quality Management Principles Is ISO 9001:2008 Compatible with Other Management Systems? 2.8.1 The OHSAS 18000 Series 2.8.2 ISO 14000 2.8.3 What is the Difference Between ISO 9000 and ISO 14000? What Other Standards are Based on ISO 9001:2000? 2.9.1 Aerospace 2.9.2 Automotive Industry 2.9.3 Computer Software 2.9.4 Food and Drink Industry 2.9.5 Education 2.9.6 Energy 2.9.7 Food and Safety 2.9.8 Health Care 2.9.9 Information Security 2.9.10 Iron Ore Industry 2.9.11 Local Government 2.9.12 Medical Devices 2.9.13 Petroleum, Petrochemical and Natural Gas Industries 2.9.14 Ships and Marine Technology 2.9.15 Supply Chain Management 2.9.16 Telecommunications Industry 2.9.17 Testing and Calibration Laboratories What is ISO 9001:2008’s Basic Process? What Is the Structure of ISO 9001:2008? 0 Introduction 1 Scope 2 Normative References 3 Terms and Definitions 4 Quality Management System 5 Management Responsibility 6 Resource Management 7 Product Realisation 8 Measurement, Analysis and Improvement What are the Changes to the ISO 9001 Standard? 2.12.1 What Impact Do the Changes Have on Existing Registrants to ISO 9001:2000? What About Auditing ISO 9001:2008? 2.13.1 Purpose of an Audit 2.13.2 Types of Audit 2.13.3 Audit Categories 2.13.4 ISO 19011:2002

37 38 38 42 42 43 44 44 45 45 45 45 45 46 46 46 46 46 47 47 47 47 47 47 48 48 49 50 50 50 50 52 53 54 55 57 64 64 64 64 65 65 66

vii

Contents

2.14

2.15 2.16

3.

67 67 67 67 68 68 69 69 70

The Process Approach

71

3.1 3.2 3.3

71 73 74 78 80 80 82 82

3.4

4.

Certification 2.14.1 As a Small Business Do i Need to be Certified and/or Registered to ISO 9001:2008? 2.14.2 Who Can Certify an Organisation? 2.14.3 What Is Required for Certification? 2.14.4 What Is the Difference Between Being Certified and Being Registered? 2.14.5 What Is the Difference Being Certified and Being Compliant? 2.14.6 What Is the Difference Between Being Certified and Being Accredited? Who will be Responsible for Quality Within an Organisation? What is the Future Evolution of ISO 9000

Background But what is the Process Approach? Planning an Organisation’s Business Processes 3.3.1 Core Business Process 3.3.2 Supporting Processes 3.3.3 Primary Supporting Processes 3.3.4 Secondary Supporting Processes Inter-Relationship of Process Documentation

Quality Management System

85

4.1

85 85 88 89 91

4.2 4.3

4.4 4.5 4.6 4.7

4.8

4.9

Quality Management System – Requirements 4.1.1 Basic Requirements of a Quality Management System Quality Management System Principles Quality Management System Approach 4.3.1 What Is a Quality System? 4.3.2 What Is the Difference Between a Quality Manual and a Quality System? Quality Management System Structure 4.4.1 QMS Documentation Quality Manual Processes Quality Procedures 4.7.1 What Documented Procedures Are Required by ISO 9001:2008? Work Instructions 4.8.1 What Is the Difference Between a Work Instruction and a Record? Quality Plan 4.9.1 Management Responsibility 4.9.2 Contract Review 4.9.3 Design Control

91 91 92 93 94 96 96 97 97 98 100 100 101

viii

Contents

4.10

5.

4.9.4 Document and Data Control 4.9.5 Purchasing 4.9.6 Customer Supplied Product 4.9.7 Product Identification and Traceability 4.9.8 Process Control 4.9.9 Inspection and Testing 4.9.10 Inspection, Measuring and Test Equipment 4.9.11 Non-Conforming Service/Product 4.9.12 Other Considerations Quality Records

The Structure of ISO 9001:2008 5.1

5.2 5.3 5.4

5.5

5.6

5.7

5.8

101 101 101 101 102 102 102 102 103 103

107

Section 1 – Scope 107 5.1.1 Section 1.1 General 107 5.1.2 Section 1.2 Application 108 Section 2 – Normative Reference 108 Section 3 – Terms and Definitions 109 Section 4 – Quality Management System 110 5.4.1 Section 4.1 General Requirements 110 5.4.2 Section 4.2 Documentation Requirements 111 Section 5 – Management Responsibility 117 5.5.1 Section 5.1 Management Commitment 118 5.5.2 Section 5.2 Customer Focus 119 5.5.3 Section 5.3 Quality Policy 120 5.5.4 Section 5.4 Planning 122 5.5.5 Section 5.5 Responsibility, Authority and Communication 125 5.5.6 Section 5.6 Management Review 127 Section 6 – Resource Management 131 5.6.1 Section 6.1 Provision of Resources 131 5.6.2 Section 6.2 Human Resources 133 5.6.3 Section 6.3 Infrastructure 135 5.6.4 Section 6.4 Work Environment 136 Section 7 – Product Realisation 136 5.7.1 Section 7.1 Planning and Realisation 137 5.7.2 Section 7.2 Customer-Related Processes 139 5.7.3 Section 7.3 Design and Development 142 5.7.4 Section 7.4 Purchasing 155 5.7.5 Section 7.5 Production and Service Provision 161 5.7.6 Section 7.6 Control of Measuring and Monitoring Equipment 166 Section 8 – Measurement, Analysis and Improvement 169 5.8.1 Section 8.1 General 170 5.8.2 Section 8.2 Monitoring and Measurement 171 5.8.3 Section 8.3 Control of Non-conforming Product 177 5.8.4 Section 8.4 Analysis of Data 179 5.8.5 Section 8.5 Improvement 181

ix

Contents

6.

Example Quality Management System

187

7.

Self-assessment

345

7.1 7.2

7.3 7.4

7.5

How ISO 9000 can be Used to Check Small Businesses Quality Management System Internal Audit 7.2.1 Audit Plan 7.2.2 Internal Audit Program External Audit 7.3.1 Supplier Evaluation The Surveillance or Quality Audit Visit 7.4.1 Multiple Evaluations and Audits 7.4.2 Secondary Audit 7.4.3 Third-Party Evaluation 7.4.4 Conformity Assessment Self-Assessment Checklists 7.5.1 Documentation Required by an Organisation to Meet ISO 9001:2008 Requirements 7.5.2 ISO 9001:2008 Requirements of Management 7.5.3 Example Checklist of Typical Auditors Questions for ISO 9001:2008 Compliance 7.5.4 Example Stage Audit Checklist

Appendix 7A Appendix 7B Appendix 7C Appendix 7D Annex A Annex B Annex C

Documentation Required by an Organisation to meet ISO 9001:2008 Requirements ISO 9001:2008 Requirements of Management Example of Typical Auditors Questions for ISO 9001:2008 Compliance Example Internal Stage Audit Checks Documentation Requirements Customer Satisfaction Guidance on Non-Conforming Products

References Abbreviations and Acronyms Index

346 347 348 349 357 357 361 361 362 362 362 363 363 363 363 364 364 378 397 414 419 424 440 445 447 451

This page is left intentionally blank

Preface

With the increased demand for quality in everything that we do or make nowadays has come the need to have some formalised set of rules to work to. Up until a few years ago, however, there were no formalised standards for recognising a manufacturer’s (or supplier’s) quality. Quality procedures and guarantees were therefore required and the Military – as so often happens in these cases – came to the rescue. NASA (in their capacity as controlling body for the US Space Program and with their requirement for the highest level of equipment reliability) was the first to produce a set of procedures, specifications and requirements. These became to be known as Military Specifications (Mil Specs) and manufacturers and suppliers, regardless of their size, were required to conform to these requirements if they wanted to provide equipment for this lucrative military market. The North Atlantic Treaty Organisation (NATO), under the American influence, then produced a series of quality assurance procedures which were known as the NATO Allied Quality Assurance Publications (AQAPs). These were republished by the British Ministry of Defence (MOD) as the Defence Standard (DEF STAN) 05 series of procedures. Civilian firms and contractors quickly realised the necessity of ensuring that manufacturers and suppliers should abide to an agreed set of quality standards and the British Standards Institution (BSI) formally adapted the DEF STAN 05 series into a virtually identical set of documents known as the BS 5750 series. This standard was then copied by other nations and a common series of recommendations known as the ISO 9000:1994 series of ‘Standards for Quality Assurance’ were produced. Under existing international agreement, all international standards have to be re-inspected 5 years after publication. In accordance with this agreement, the 1994 versions of ISO 9000 series were revised with more emphasis being placed on the need for customer satisfaction and the use of a more modular, process approach to quality management. The main change caused by this new review process, however, was the amalgamation of the previous (similar) requirements contained in the ISO 9001:1994, ISO 9002:1994 and ISO 9003:1994 standards into a single ISO 9001:2008 standard. Note: Although not officially referred to as a ‘requirements standard’, ISO 9001:2008 does, nevertheless, contain 141 ‘shalls’ and 2 ‘musts’ as opposed to 4 ‘shoulds’ and 1 ‘could’! ISO 9001:2008 specifies the national, regional and international accepted procedures and criteria that are required to ensure that products and services .

xv

xvi

Preface

meet customers’ requirements. It identifies the basic disciplines of a Quality Management System and can be used by manufacturers, suppliers, service industries and end users – large or small – with equal effect. These processes, procedures, disciplines and criteria can be applied to any firm, no matter its size – whether they employ just a few people or many thousands. It can also be used by companies to set up their own Quality Management System and can form the basis for assessing an organisation’s Quality Management System (i.e. to ensure that a supplier or service industry has the ability to provide satisfactory goods and/or services).

But What Is a ‘Small Business’?! A small business is a business that is independently owned and operated, with (obviously!) a small number of employees and relatively low volume of sales. Small businesses can be involved in all aspects of design as well as the manufacture, supply, installation and maintenance of products, services and information technology. They are normally privately owned corporations, partnerships, or sole proprietorships. The legal definition of ‘small’ varies between countries, but within the European Union, the official definition of a Micro, Small and Medium-sized Enterprise (SME) – as provided by Directive 2003/361/EC – is: Enterprise category Headcount

Turnover

or

Balance sheet total

Medium-sized