ISO 9001 Quality Management Systems: Implementation and Integration

Sample
ISO 9001 Quality Management Systems
Implementation and Integration
www.stpub.com

© STP
ISO 9001 Quality
Management Systems:
Implementation and
Integration

© STP
ISO 9001 Quality
Management Systems:
Implementation and
Integration
Aguide to assist organizations
in successfully implementing,
integrating and maintaining
an effective ISO 9001
program

© STP
Users of This Guide
Include
• Manufacturers
• Service organizations
• Companies whose supply
chains require certification
• Hotels and resorts
• Construction and
engineering firms
• Software developers
• QMS auditors
• And many more…

© STP
Features of This Guide
• Authored by an experienced
auditor and expert in EHS
and quality management
systems
• Presents the author’s unique
“Identify-Insure-Improve”
approach
• Summarizes the clauses and
requirements of ISO 9001
• Describes the steps to
develop and implement an
initial internal audit

© STP
Features of This Guide
• Explains how to review and
improve processes, and
implement corrective and
preventive action
• Presents sample documents,
forms and a manual adaptable
to users’ own systems
• Includes checklists and
recommended tasks
• Explains how to integrate
ISO 9001, ISO 14001 and
OHSAS 18001 programs

© STP
Comprehensive Topic
Areas
• Overview of the ISO 9001
Standard
• Three-step Identify-Insure-
Improve process model for
implementing a QMS
• Recommended methods for
auditing a process system
• Preventive and corrective
action
• Managing for continual
improvement

© STP
Comprehensive Topic
Areas
• Registration and self-
declaration of compliance
• Automotive industry (TS
16949)
• Medical device
manufactures (ISO 13485)
• Project managers (ISO 1006)
• Unifying ISO 9001 and
environmental and health and
safety management systems

© STP
Features – Explanatory
Text
Summarizes the clauses and
requirements in easy-to-
understand terms

© STP
Sample Explanatory
Text
Chapter 6
Four Basic Questions to Ask About Every Process
When an organization audits its Quality Management System, the ISO
9000 Fundamentals and Vocabulary states that there are four basic
questions that should be asked related to every process being evaluated
by an organization:
1. Did the organization identify and define the process? (4.1)
2. Did the organization define and assign responsibilities for the
process?
3. Have procedures been implemented and maintained?
4. Is the identified process effective in accomplishing and
attaining the results required?
In addition, the following questions would be excellent for internal
auditors to review when auditing their system.
• What are the inputs to this process? Are there supporting
documents, procedures, and work instructions for it? What are the
related customer requirements?
• What are the identified risks and legal requirements of this process?
• What objectives have been set for this process?
• Is there evidence that the process is being carried out as planned?
4.1
• Are personnel aware of the policy statement and its meaning to
their job? 5.3
• Are adequate resources and infrastructure provided for the process?
6.1, 6.3 Any outsourcing of services, equipment? 4.1
• Are competency requirements defined for the process? 5.5.1, 6.2.2
• Are actions taken for continual improvement? 4.1f, 8.5.1 of process
See also Figure 6-3: Pilot’s 3 I’s Method for Process Audits in this
chapter.

© STP
Features – Checklists
Follow the Identify-Insure-
Improve approach for
implementing and
maintaining a QMS to
ISO 9001 requirements

© STP
Sample Checklist
Checklist 5A
ISO9 4/09 ©STP Checklist 5A-3
 7. Measurement, Analysis and Improvement (8)
 7.a Monitoring and Measurement (8.2)
 7.a.1. Customer Satisfaction (8.2.1)
 7.a.2. Processes (8.2.3)
 7.a.3. Product (8.2.4)
 7.b Control of Nonconforming Product (8.3)
 7.c. Analysis of Data (8.4; 8.2.1;7.2.1)
 Areas to Monitor (Some Examples)
 Customer Satisfaction
 Business Operations
 Financial Control
 Legislation—Compliance
 Purchasing—Raw Materials Acquisition—Subcontractor
Control
 Best Available Technology
 Industry Trends
 Operational Control—Customer Complaints, Procedures—
Manuals—Policies, Forms,
 Analysis—Data
 Personnel—Supplier Performance
 Internal/Subcontractor—Identified, Competent, Trained,
Performance
 Quality—Objectives and Targets
 Continual Improvement
 Processes
 Quality
 Statistical Techniques
 Design
 Nonconformances

© STP
Features –
Recommended Tasks
Break down the requirements
of ISO 9001 clauses into a
series of practical steps

© STP
Sample Recommended
Task
5-80 ISO9 4/09 ©STP
Task 6 B cont’d.
 Purchasing (7.4)
 Information (7.4.2)
• Purchasing information shall describe the product to be
purchased.
• Insure adequacy of specified purchasing requirements
prior to communication with supplier.
• Describe the product to be purchased and where
appropriate include requirements for:
— approval of product, procedures, processes and
equipment, qualification of personnel, and quality
management system.
7.4.2 Purchasing Information
Your organization will insure that the purchasing information shall
include the requirements for generating and issuing approval of
products whether manually, non-automated, or automated.
When an organization receives a request for a purchase order for
purchasing a product or service, they will determine an appropriate
supplier to fulfill the order and complete the necessary paperwork.
All orders are reviewed to insure that the information describing the
product or service to be ordered is completed, including requirements
for the approval of the product, procedures, processes, equipment, and
personnel and for QMS requirements.

© STP
Features – Model
Forms
Provide examples of
procedures, documents and
forms that demonstrate
compliance

© STP
Sample Model Form
Chapter 5
5-30f ISO9 11/12 ©STP
Figure 5-4 Record Control Log
Record Name
(Alphabetical order)
Document
Control #
Person
Responsible
Retention
Record
Format
Location Access Given To
Calibration records -
lathing equipment #101
CR-101-xx Production or
Quality Control
manager
5 years Hard
copy
Production
department
Production staff
and quality
Corrective action reports
for internal audit (year)
CCR-IAR-
(year)-xx
Management
representative
7 years Electronic Quality department All managers
Customer complaint
reports (year)
CCR-
(year)-xx
Customer
service manager
7 years Electronic Customer files -
Customer service
Quality staff auditors
and all managers
Internal audit report
(year)
IAR-(year) Management
representative
7 years Electronic Quality department Quality staff, auditors
and all managers
ISO 9001 orientation
training checklist
Orient-
train
Management
representative
Duration of
employment + 1 year
Hard
copy
Personnel file -
human resources
All managers
Management system
review minutes (year)
Mgmtrev-
(year)
Management
representative
5 year Electronic Quality department Executive managers
Operation’s training
matrix
Ops-train Department
manager
Duration of
employment + 1 year
Electronic Personnel file -
human resources or
department managers
All managers
Supplier corrective action
reports (year)
SCAR-
(year)-xx
Purchasing
manager
7 years Hard
copy
Supplier files -
purchasing
Purchasing staff
Note: All hard copy records are disposed of by shredding and electronic records are disposed of via deletion.

© STP
Features – Model QMS
Manual
Offers an example of a
complete QMS manual
containing all components
required by ISO 9001

© STP
Sample Model QMS
Manual
ISO9 12/08 ©STP Intro-1
Introduction to ISO 9001:2008
Organizations today are exposed globally with regards to their business
management systems for quality. Successful businesses focus on
managing risks and building improved quality operating systems for
business sustainability and to satisfy customer requirements. By
managing, controlling and improving their management system(s), they
operate more effectively and efficiently, improving “Performance,
Productivity and Profits”© — Pilot’s Three P’s.
International standards have become an important framework for
conducting and improving one’s business. An ISO 9001 quality
management system is the base of any business, whether large or small.
Through its many associations, the business community has come
forward to support these standards in over 170 countries. Over the
years, government regulatory reform initiatives and industry responses
to customer concerns and social issues have driven the standards to
improve quality on a global front, to criteria that is accepted around the
world.
This book is a resource for those who need to understand and/or
implement a quality management system conforming to the
International Standard – ISO 9001, which is based on customer
satisfaction, leadership, a process approach and involvement of
competent people.
Since 2002, this book has been used by Fortune 500 companies,
government departments, small- and medium-sized industries in North
America, utilizing Pilot’s simple Three Step process approach.
The “Three Step” process approach, (Identify, Insure, Improve), as well
as tools, such as control plans, checklists, gap analysis and a sample
manual are outlined to guide you in implementing your management
system and integrating it with other management systems such as
environmental, and health and safety management systems. (See
Chapter 7 for more details on system integration.)

© STP
Formats
• Online single-user
• Online multi-user
• Loose-leaf
• CD
• Loose-leaf & CD

© STP
Up to 4 updates per
year
Sample Release Notes
ISO 9001
QualIty ManageMent SySteMS
IMpleMentatIOn and IntegratIOn
Release # 134
NovembeR 2012
new and nOtewOrthy
• Has Your Organization Conducted a Survey on the
Costs Associated with Document Management?
This update outlines some of the costs and reference
tools associated with document management.
Document management is an important function
which helps to provide consistent information
(internal and external communications), to conform
to customer requirements and to improve the quality
of your service or product. The costs associated
with document management include time spent
developing the document (research, drafting,
approving, maintaining and updating content), as
well as filing and retrieving documents, and disposing
of the outdated printed copies. Each organization
determines the extent of its documentation and the
best format for producing and managing it. For details
of ISO 9001’s document management requirements,
see Chapter 5, Step Two: Insure.
hIghlIghtS Of thIS releaSe

© STP
The following pages are a
longer sample from
ISO 9001 Quality
Management Systems:

ISO9 12/08 ©STP 2-1
2
ISO 9001 Requirements
Eight Principles of Quality Management
The Quality Management System for ISO 9001 is based on the Eight
Management Principles outlined in this chapter. These are referenced
from ISO 9000:2005, Quality Management Systems Fundamentals and
Vocabulary,1
which outlines the fundamentals of quality management.
Each principle is followed by an explanation of how adhering to the
principles can provide value to your organization.
Top management can use these principles as a framework to guide
them in improving performance and achieving organizational
excellence. These principles are derived from the ISO technical
committee responsible for developing and maintaining the ISO 9000
Standards—ISO/TC176, quality management and quality assurance.2
Space is provided after each principle for you to note how your own
organization’s principles follow the ISO Standard.
1
“International Standard ISO 9000, Third edition September 2005, Quality Management
Systems—Fundamentals and Vocabulary,” International Organization for
Standardization, Geneva.
2
See www.iso.org/iso/iso_technical_committee?commid=53882.

Chapter 2
2-2 ISO9 12/08 ©STP
Principle 1—Customer Focus
“Organizations depend on their customers and therefore should
understand current and future customer needs, should meet customer
requirements and strive to exceed customer expectations.”
Key benefits:
• identifies and understand customer’s needs,
• insures that customer’s needs and expectations are met,
• increases the effectiveness of your organization’s resources,
• improves operational management to meet customer needs,
• insures personnel have knowledge and skills to satisfy customer
requirements, and
• improves customer loyalty for repeat business and increases
revenue and market share.
Communication of customers’ needs throughout the organization,
together with the monitoring and measurement of their requirements
will insure a balanced approach to meeting customer expectations for
products, delivery, price, and dependability,
Once customers’ needs and expectations are identified, objectives
should be set that are in tune with those needs. These objectives need
to be communicated throughout your organization and evaluated to
insure that they are met. Meeting your objectives will insure that
relevant goals and targets are linked to customer needs and
expectations, providing customer satisfaction and continually
improving your customer focus.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

ISO9 4/02 ©STP 2-3
Principle 2—Leadership
“Leaders establish unity of purpose and direction of the organization.
They should create and maintain the internal environment in which people
can become fully involved in achieving the organization’s objectives.”
Key benefits: By considering the needs of interested parties including
customers, employees, suppliers, shareholders and local communities,
your organization establishes and communicates a clear vision, a
quality policy, objectives and targets, with a strategy to attain them.
Leadership will provide shared values, translate the vision into
measurable goals and targets, and provide ethical role models at all
levels of the organization, building trust and open communication. Top
management will provide resources for human development and
training, and provide employees with the freedom to act with defined
responsibility and accountability. Interested parties will be recognized
for their contributions, building and encouraging quality and continual
improvement.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

Chapter 2
2-4 ISO9 4/02 ©STP
Principle 3—Involvement of People
“People at all levels are the essence of an organization and their full
involvement enables their abilities to be used for the organization’s
benefit.”
Key benefits: When personnel within your organization are em-
powered, they are more willing to accept ownership of problems and
will strive to find methods to resolve them. Given the responsibility,
they will seek opportunities to enhance and share their competence,
knowledge and experience, becoming a motivated, committed and
involved group, accountable for their own performance. They will
openly discuss problems and issues for resolution.
They are eager to participate in and contribute to furthering the
organization’s objectives and continual improvement of customer’s
satisfaction. The successful involvement of people will depend on the
leadership of the organization.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

ISO9 2/10 ©STP 2-5
Principle 4—Process Approach
“A desired result is achieved more efficiently when activities and related
resources are managed as a process.”
Key benefits: Systematically identifying the key activities within the
functions of your organization, establishing the inputs and outputs of
each process and focusing on the resources and methods required to
achieve the desired results of the process, will assist in effective use of
resources, lowering costs and shortening cycle times.
The management of resources including personnel, materials,
equipment, monitoring and control equipment, information, and
infrastructure will provide improved, consistent and predictable
outcomes.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

Chapter 2
2-6 ISO9 2/10 ©STP
Principle 5—System Approach to Management
“Identifying, understanding and managing interrelated processes as a
system contributes to the organization’s effectiveness and efficiency in
achieving its objectives.”
Key benefits: A system approach focuses on your processes to achieve
defined objectives in the most effective and efficient way. A system
approach proves to others that you have consistency.
Organizations benefit as your employees have a better understanding of
their roles and responsibilities necessary to achieve these objectives.
With a system approach you identify your requirements and plan your
actions, understanding your organizational capabilities. You understand
what the capabilities and resource constraints are, prior to action, and
define what activities are needed within the system to operate. You
insure monitoring and measurement for continual improvement,
providing confidence to customers and interested parties as to the
consistency and effectiveness of your organization and its processes.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

ISO9 4/02 ©STP 2-7
Principle 6—Continual Improvement
“Continual improvement of the organization’s overall performance should
be a permanent objective of the organization.”
Key benefits: By insuring that continual improvement is a consistent
organization-wide approach, your organization will insure per-
formance, and provide a vehicle for seizing opportunities.
Continual improvement is an objective of strategic and business
planning, for all employees to improve their organization’s products,
processes and quality management system. Organizations can insure
this principle, by setting realistic and challenging improvement goals,
providing training on techniques for continual improvement of
products, processes and systems. It is a good idea to establish and
measure goals to track performance, encouraging and rewarding those
individuals contributing to improvements within the organization.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

Chapter 2
2-8 ISO9 4/02 ©STP
Principle 7—Factual Approach to Decision Making
“Effective decisions are based on the analysis of data and information.”
Key benefits: A factual approach to decision making gives you an
increased ability to review, challenge or agree with information,
enabling you to make the best decision possible at the time.
There are two reasons for the mistakes we make in life: inexperience
and lack of information. Effective decisions are based on insuring that
data and information are sufficient, that they are accurate and reliable,
and are provided easily to those who require it. Personnel can make
informed decisions, and have the resources to assist in providing the
correct evidence to support objectives and criteria needed to meet
requirements, whether they are to customer, organizational or
International Standard requirements.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

ISO9 12/08 ©STP 2-9
Principle 8—Mutually Beneficial Supplier Relationship:
“An organization and its suppliers are interdependent and a mutually
beneficial relationship enhances the ability of both to create value.”
Key benefits: Creating relationships with your suppliers forms a
partnership approach, where expertise and resources are pooled
together to create value for both parties. This partnership provides your
organization with optimization of both costs and resources.
Your organization needs to identify and select who these suppliers will
be. It is important to be selective when identifying these key suppliers
and insure that they will assist your organization to meet your
customer’s needs and expectations. Your relationship needs to be a
partnership with open and clear communication. Information should be
shared and changes made to improve activities in order to meet your
end results. It is important to encourage and recognize achievements
and improvements that support your quality management system.
Notes:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

Chapter 2
2-10 ISO9 12/08 ©STP
Terminology
Key Words: Process, Product, Quality
Table 2-1 outlines three key words: “process, product, and quality.”
For a complete explanation of the terminology, purchase the ISO
9000:2005, Quality Management Systems Fundamentals and
Vocabulary from your local standards body.

ISO9 12/08 ©STP 2-11
Table 2-1
Terminology: Process, Product, Quality1
Terms What are your
Organization’s processes,
products? These will be
outlined in your QMS
Manual.
Process 3.4.1
“set of interrelated or interrelating activities
which transforms inputs into outputs
Note 1: Inputs to a process are generally outputs
of other processes.
Note 2: Processes in an organization (3.3.1) are
generally planned and carried out under
controlled conditions to add value.
Note 3: A process where the conformity (3.6.1)
of the resulting product (3.4.2) cannot be
readily or economically verified is frequently
referred to as a “special process.”
Do you have a process
map(s) for your
organization’s operations?
- Macro and Micro
List document name(s) here.
Product - 3.4.2
“result of a process (3.4.1).
Note 1: There are four generic product
categories, as follows:
– Services (e.g., transport);
- Software (e.g., computer program, dictionary);
- Hardware (e.g., engine mechanical part);
- Processed materials (e.g., lubricant).
Most products comprise elements belonging to
different generic product categories. Whether
the product is then called service, software
hardware or processed material depends on the
dominant element. For example, the product
“automobile” consists of hardware (e.g., tires),
processed materials (e.g., cooling liquid),
software (e.g., engine control software, driver’s
manual), and service (e.g., operating
explanations given by the sales agent).”
What product(s) does your
organization provide to
customers?
1
“International Standard ISO 9000, Third edition 2005, Quality Management Systems—
Fundamentals and Vocabulary,” International Organization for Standardization, Geneva.

ISO9 12/08 ©STP 2-12
Note 2: Service is the result of at least one
activity necessarily performed at the interface
between the supplier (3.3.6) and customer
(3.3.5) and is generally intangible. Provision of
a service can involve, for example, the
following:
– an activity performed on a customer-supplied
tangible product (e.g., automobile to be
repaired);
– an activity performed on a customer-supplied
intangible product (e.g., the income statement
needed to prepare a tax return);
– the delivery of an intangible product (e.g., the
delivery of information in the context of
knowledge transmission);
– the creation of ambience for the customer
(e.g., in hotels and restaurants).
Software consists of information and is
generally intangible. It can be in the form of
approaches, transactions or procedures (3.4.5).
Hardware is generally tangible and is a
countable characteristic (3.5.1). Processed
materials are generally tangible and their
amount is a continuous characteristic. Hardware
and processed materials often are referred to as
goods.
Note 3: Quality assurance (3.2.11) is mainly
focused on intended product.”
Quality-3.1.1
“degree of a set inherent characteristics (3.5.1)
fulfils requirements (3.1.2).
Note 1: The term “quality” can be used with
adjectives such as poor, good or excellent.
How do you determine quality
control within your
organization?
Do you outline these on your
quality control plan, outlining
the characteristics and
requirements?

ISO9 12/08 ©STP 2-13
Note 2: “Inherent”, as opposed to “assigned”,
means existing in something, especially as a
permanent characteristic.”
3.5.1 Characteristic-
“distinguishing feature.
Note 1: A characteristic can be inherent or
assigned.
Note 2: A characteristic can be qualitative or
quantitative.
Note 3: There are various classes of
characteristic, such as the following:
- Physical (e.g., mechanical, electrical, chemical
or biological characteristics);
- Sensory (e.g., related to smell, touch, taste,
sight, hearing);
- Behavioral (e.g., courtesy, honesty, veracity);
- Temporal (e.g., punctuality, reliability,
availability);
- Ergonomic (e.g., physiological characteristic,
or related to human safety);
Functional, e.g., maximum speed of an
aircraft.”
3.1.2 Requirement-
“need or expectation that is stated, generally
implied or obligatory.
Note 1: “Generally implied” means that it is
custom or common practice for the
organization (3.3.1), its customers (3.3.5) and
other interested parties (3.3.7), that the need or
expectation under consideration is implied.
Note 2: A qualifier may be used to denote a
specific type of requirement, e.g., product
requirement, quality system requirement,
customer requirement.
Note 3: A specified requirement is one which is
stated, for example, in a document (3.7.2).
Note 4: Requirements may be generated by
different interested parties.”

Chapter 2
2-14 ISO9 12/08 ©STP
ISO 9001:2008 Requirements
The ISO 9001 standard focuses on the development of an effective,
efficient Quality Management System structure, and its continual
improvement, so that it meets customer, statutory and regulatory
requirements. The new standard added a note under Scope that
“statutory and regulatory requirements may be expressed as legal
requirements.” This has assisted in making the ISO 9001 more
compatible with the ISO 14001 standard for environmental
management systems, an important feature for those organizations
working to integrate the two systems.
The application of a system of processes within an organization,
together with the identification and interactions of these processes, and
their management to produce the desired outcome is referred to as the
“process approach.” The emphasis is on providing products or services
using this process approach to insure customer satisfaction and meeting
not only the customer requirements but legal requirements as well.
The following is an overview of the ISO 9001 element clauses. The
description of each element begins at Clause 4, as the first three clauses
pertain to Scope, Application, Normative References, and Terms and
Definitions.
The only exclusion you may have would be to element/clause 7 under
Product Realization. You may not perform any functions related to do
7.3—Design and Development. This exclusion needs to be outlined in
your quality manual. The exclusion can not affect the organization’s
ability or responsibility to meet customer requirements or statutory and
regulatory requirements.
ISO 9001 Elements or Clauses
1 Scope
1.1 General
1.2 Application
2 Normative Reference
3 Terms and Definitions

ISO9 2/10 ©STP 2-15
4 Quality Management Systems
4.1 General Requirements
4.2 Documentation Requirements
4.2.1 General
4.2.2 Quality Manual
4.2.3 Control of Documents
4.2.4 Control of Records
5 Management Responsibility
5.1 Management Commitment
5.2 Customer Focus
5.3 Quality Policy
5.4 Planning
5.4.1 Quality Objectives
5.4.2 Quality Management System Planning
5.5 Responsibility, Authority and communication
5.5.1 Responsibility and Authority
5.5.2 Management Representative
5.5.3 Internal Communication
5.6 Management Review
5.6.1 General
5.6.2 Review Input
5.6.3 Review Output
6 Resource Management
6.1 Provision of Resources
6.2 Human Resources
6.2.1 General
6.2.2 Competence, Training and Awareness
6.3 Infrastructure
6.4 Work Environment

Chapter 2
2-16 ISO9 2/10 ©STP
7 Product Realization
7.1 Planning of Product Realization
7.2 Customer-related Processes
7.2.1 Determination of Requirements Related to the Product
7.2.2 Review of Requirements Related to the Product
7.2.3 Customer Communication
7.3 Design and Development
7.3.1 Design and Development Planning
7.3.2 Design and Development Inputs
7.3.3 Design and Development Outputs
7.3.4 Design and Development Review
7.3.5 Design and Development Verification
7.3.6 Design and Development Validation
7.3.7 Control of Design and Development Changes
7.4 Purchasing
7.4.1 Purchasing Process
7.4.3 Verification of Purchased Product
7.5 Production and Service Operations
7.5.1 Control of Production and Service Provision
7.5.2 Validation of Processes for Production and Service
Provision
7.5.3 Identification and Traceability
7.5.4 Customer Property
7.5.5 Preservation of Product
7.6 Control of Monitoring and Measuring Equipment

ISO9 12/08 ©STP 2-17
8 Measurement, Analysis and Improvement
8.1 General
8.2 Monitoring and Measurement
8.2.1 Customer Satisfaction
8.2.2 Internal Audit
8.2.3 Monitoring and Measurement of Processes
8.2.4 Monitoring and Measurement of Product
8.3 Control of Nonconforming Product
8.4 Analysis of Data
8.5 Improvement
8.5.1 Continual Improvement
8.5.1 Corrective Action
8.5.1 Preventive Action

Chapter 2
2-18 ISO9 12/08 ©STP
Figure 2-1: ISO 9001 Element Detail Model

ISO9 12/08 ©STP 2-19
What are the Element Requirements?
Each element and sub-element of ISO 9001 is listed below with its
general requirements. For full documentation, you may wish to
purchase the ISO 9001 Standard from the standards body in your
specific country.
4 QUALITY MANAGEMENT SYSTEM
4.2 General Documentation requirements
4.2.1 General
4 QUALITY MANAGEMENT SYSTEMS
Define Scope
Your organization shall establish, implement, maintain, and continually
improve a QMS in accordance with the ISO 9001 Standard.
To implement your QMS, the organization shall:
a. IDENTIFY the processes needed for the QMS and their
application.
b. IDENTIFY sequence and interaction of these processes.
c. IDENTIFY criteria and methods required to insure effective
operation and control of these processes.
d. INSURE implementation of actions to achieve planned results,
ensuring availability of resources and information.
e. INSURE measurement, monitoring, analysis of these processes to
achieve planned results.
f. IMPROVE continually improve these processes.
Processes shall be managed by the organization in accordance with
ISO 9001 standard.

Chapter 2
2-20 ISO9 12/08 ©STP
Note: Outsourced processes (performed by external parties) that affect
product conformity with requirements shall be identified and controlled.
Control type may be influenced by factors such as the potential impact
of the activities on the product requirements and the controls on it.
Insure that controls are outlined in 7.4 purchasing, as well as under
legal and customer requirements.
The processes needed for your QMS should include processes for
management activities, provision of resources, product realization, and
measurement.
4.2 Documentation Requirements
4.2.1 General
Your organization must document and maintain its QMS. The QMS
documentation shall include:
a. a quality policy and objectives;
b. a quality manual;
c. documented procedures and records as required by the standard; and
d. documents and records required by the organization to insure
effective planning, operation and control of its processes.
Where the term “Documented Procedure” is indicated in the standard,
the procedure must be established, documented, implemented, and
maintained.
Documentation can differ from one organization to another due to size
and types of activities, complexity of processes and their interactions,
and competence of personnel.
Documentation can be in any form or type of medium.
Note: A single document may include requirements for one or more
procedures, or the requirement may be covered in a number of
documents.
Your organization will establish a quality manual that will describe the
scope of the system, including details of and justification for any
exclusions, and the core elements of your QMS and how they
interrelate. Documented procedures need to be referenced and include
a description of how the processes of the QMS interact.

ISO9 12/08 ©STP 2-21
The documents required for your QMS need to be controlled. You
need to develop a procedure to describe how you manage the
following:
a. Approve documents for adequacy, prior to issue.
b. Review, update as necessary, and re-approve documents.
c. Identify the current revision status of documents and insure
changes are identified.
d. Insure relevant versions of applicable documents are available at
points of use.
e. Insure documents remain legible, readily identifiable, and
retrievable.
f. Insure that documents of external origin determined by
organization to be necessary for planning and operation are
identified and their distribution controlled.
g. Prevent the unintended use of obsolete documents, and apply
suitable identification to them if they are retained for any purpose.
Documents defined as quality records shall be controlled.
Records shall be established, and controlled to provide evidence of
conformance to requirements and effective operation of the QMS. A
procedure shall be established to describe the control of quality records,
including:
a. how records are identified,
b. where they are stored and protected so as not to be lost or damaged,
c. retrieval of records,
d. what are their retention times,
e. who is responsible for maintaining them,
f. the maintenance of records, and
g. record disposal.
Records are kept to provide the proof (evidence) that activities have
taken place, tests have been conducted, and monitoring has been
completed. They should be legible, readily identifiable, and
retrievable.

Chapter 2
2-22 ISO9 12/08 ©STP
5 MANAGEMENT RESPONSIBILITY
5.2 Customer Focus
5.3 Quality Policy
5.4 Planning
5.4.2 Quality Management System Planning
5.5 Responsibility, Authority, and Communication
5.6.1 General
5.6.2 Review Input
5.6.3 Review Output
5 MANAGEMENT RESPONSIBILITY
Top management is responsible for developing and improving the
QMS. The commitment to meet customer requirements and
expectations needs to be communicated to the organization. Top
management shall provide evidence of its commitment to the development,
implementation and improvement of the quality system by:
• insuring that the importance of meeting customer, as well as
statutory and regulatory/legal requirements is communicated to the
organization;
• establishing a quality policy and quality objectives;
• insuring that everyone in the organization understands the quality policy
and objectives and how they relate to their own individual positions;
• conducting management reviews to assess how the system is
working and identify ways to improve it; and
• insuring the availability of necessary resources to assist the running
of the quality system.

ISO9 12/08 ©STP 2-23
5.2 Customer Focus
Top management shall insure that customer needs and expectations are
determined, converted into requirements, and fulfilled with the aim of
achieving customer satisfaction.
5.3 Quality Policy
Top management shall take the responsibility to define, implement,
maintain, and communicate their quality policy: The policy needs to:
• be appropriate to the purpose of the organization;
• include a commitment to comply with requirements—meeting
customer and statutory and regulatory requirements, as well as to
continually improve the effectiveness of the quality management
system;
• provide a framework for establishing and reviewing quality
objectives;
• be communicated and understood at appropriate levels in the
organization; and
• be reviewed for continual suitability.
5.4 Planning
Top management shall insure that quality objectives are established at
relevant functions and levels within the organization. The quality
objectives shall be measurable and consistent with the quality policy
including the commitment to continual improvement. Quality
objectives shall include those needed to meet product requirements (see
7.1).
5.4.2 Quality Planning
Top management shall insure that the planning of the QMS is carried
out to achieve the requirements given in 4.1—General Requirements
and Quality Objectives.
The integrity of the QMS needs to be maintained when changes are
planned and implemented.

Chapter 2
2-24 ISO9 12/08 ©STP
5.5 Responsibility, Authority, and Communication
Top management shall insure that responsibilities and authorities are
defined and communicated.
Top management will appoint a member of the organization’s
management who, irrespective of other responsibilities, will have the
responsibility and authority to:
• insure that the QMS is established, implemented and maintained in
accordance with the ISO 9001 and the organization’s requirements;
• report to top management on the performance of the system,
including needs for improvement; and
• insure promotion of awareness of customer requirements
throughout the organization.
The responsibility of a management representative may include liaison
with external parties on matters relating to the quality management
system.
Top management shall insure communication processes are established
to insure that communication takes place at various levels and functions
within the organization regarding its QMS and its effectiveness.
Such information can include the organization’s quality policy, its
objectives and targets, customer and other requirements, process
monitoring and measurement statistics, and audit results. A
communication plan will assist your organization to identify its
requirements and plan how it will achieve internal communications.
There are many tools that can be used for internal communication such
as emails, notice boards or bulletin boards, in-house newspapers,
suggestion boxes, or team meetings.

ISO9 12/08 ©STP 2-25
5.6.1 General
Top management shall review the QMS at planned intervals to insure its:
• continuing suitability,
• adequacy; and
• effectiveness.
The review shall include assessing opportunities for improvement and
changes to the organization’s QMS, to guarantee the quality policy is
adhered to and quality objectives met.
5.6.2 Review Input
Inputs to management reviews shall include current performance and
improvement opportunities. This input can come in the form of:
• internal and third-party audit results,
• customer feedback,
• process performance and product conformance reports,
• the corrective and preventive action system,
• follow-ups on nonconformances from earlier management reviews,
• improvement recommendations, and
• what changes could affect the QMS.
5.6.3 Review Output
The output from the management review shall include decisions and
actions related to improvement and effectiveness of the QMS, its
processes, and the product related to customer requirements and
resource needs.

Chapter 2
2-26 ISO9 12/08 ©STP
6 RESOURCE MANAGEMENT
6.2 Human Resources
6.2.1 General
6.2.2 Competence, Awareness, and Training
6.3 Infrastructure
6 RESOURCE MANAGEMENT
The organization needs to determine and provide the resources needed
to implement, maintain, and improve the effectiveness of the QMS, and
enhance customer satisfaction by meeting their requirements.
6.2 Human Resources
6.2.1 General
Personnel performing work affecting conformity to product
requirements (directly or indirectly) need to be competent.
Competency is based on:
• applicable education,
• training,
• skills, and
• experience.
6.2.2 Competence, Training and Awareness
Your organization shall identify competency for personnel performing
activities affecting conformity to product requirements (including legal
requirements), provide the training where applicable or other actions to
satisfy these needs, and insure necessary competency has been
achieved. You must insure that your employees are aware of the
relevance and importance of their activities and how they contribute to
the achievement of the quality objectives. Records must be maintained
on employees’ education, training, skills, and experience.

ISO9 2/10 ©STP 2-27
6.3 Infrastructure
Your organization shall identify, provide, and maintain the infra-
structure needed to achieve conformity to product requirements. The
infrastructure includes, as applicable, resources such as workspace,
buildings and associated utilities, process equipment (both hardware
and software), and supporting services such as communication,
information systems or transportation.
Your organization shall identify and manage the work environment to
achieve conformity to product requirements.
Work environment relates to the conditions under which work is being
performed. These conditions can include physical, environmental and
other factors, such as: lighting, noise, temperature, humidity or
weather. Note: Examples are not all-inclusive.

Chapter 2
2-28 ISO9 2/10 ©STP
7 PRODUCT REALIZATION
7.1 Planning of Realization Processes
7.2 Customer-Related Processes
7.2.1 Determination of Requirements Related to the Product
7.2.2 Review of Requirements Related to the Product
7.4 Purchasing
7.4.3 Verification of Purchased Product
7.5 Production and Service Provision
7.5.1 Control of Production and Service Provision
7.5.2 Validation of Processes for Production and Service
Provision
7.5.3 Identification and Traceability

ISO9 12/08 ©STP 2-29
7 PRODUCT REALIZATION
7.1 Planning of Product Realization
The organization shall plan and develop the processes they need for
product realization.
The planning of product realization should be consistent with the
requirements of the other processes of the organization’s QMS (see 4.1).
In planning product realization, your organization shall identify and
determine the following, as appropriate:
• quality objectives and requirements for your product(s);
• establish processes and insure documentation;
• provide resources specific to the product;
• verification and validation activities to meet the requirements;
• monitoring, measurement, inspection and test activities specific to
the product and the criteria for product acceptability; and
• records needed to provide evidence of the processes and product
meeting the requirements (4.2.4).
Note: A quality plan – a document specifying the processes of the
QMS (including the product realization processes) and the resources to
be applied to a specific product, project or contract.
You may also apply the requirements given in Design (7.3) to the
development of the product realization process.

Chapter 2
2-30 ISO9 12/08 ©STP
7.2 Customer-related Process
7.2.1 Determination of requirements related to the product.
Your organization shall determine:
• requirements specified by the customer; requirements for delivery,
and post-delivery activities;
• requirements not stated by the customer but necessary for intended
or specified use;
• regulatory and statutory product requirements; and
• any other requirements that are determined by the organization.
Note: Post delivery activity examples: include: warranty provisions,
contractual obligations, maintenance services, and recycling or final
disposal.
7.2.2 Review of Requirements related to the Product
Your organization shall review the product requirements prior to a
commitment to supply the product to the customer (i.e., submission of
tender, acceptance of contracts or orders, acceptance of changes to
contracts or orders). Your organization must insure that they:
• Define product requirements.
• Resolve contract or order requirements differing from those
previously expressed.
• Have the ability to meet defined requirements.
• Where the customer provides no documented statement of
requirements, insure clear understanding of what is required. The
customer requirements shall be confirmed before acceptance.
• Maintain records of the results of review and subsequent follow-up
actions (4.2.4).
• Amend documentation when product requirements are changed.
Inform relevant personnel of changed requirements.
Your organization must identify and implement effective
communication with customers relating to:
• product information;
• inquiries, contracts, or order handling (including amendments); and
• customer feedback, including customer complaints.

ISO9 12/08 ©STP 2-31
Your organization shall plan and control the design and development of
your product(s). Design and development planning shall include:
• stages of design and/or development;
• review, verification, and validation activities appropriate to each
design and/or development stage; (Note: may be conducted and
recorded separately or in combination.) and
• responsibilities and authorities for design and development
activities.
Insure that your organization shall manage the interfaces between all
groups involved in design and development (from customers to
contractors to your own employees) to insure effective communication
and clarity of responsibilities.
Planning output shall be updated, as appropriate, as your design and
development progresses.
Your organization shall identify inputs relating to product requirements
and maintain records (4.2.4) including:
• functional and performance requirements,
• applicable regulatory and statutory requirements,
• applicable information derived from previous similar designs, and
• any other requirements essential for design and development.
These inputs shall be reviewed for adequacy and completeness and to
insure that these requirements are not ambiguous or in conflict with
each other.
Outputs of design and development shall be provided in a form that
enables verification against the design and development input. Design
outputs shall be approved prior to release.
Design and development outputs should:
• meet the input requirements;
• provide the necessary information for purchasing, production,
service;

Chapter 2
2-32 ISO9 12/08 ©STP
• contain or reference product acceptance criteria; and
• specify characteristics of product that are essential for safe and
proper use.
Note: Preservation of product details can be outlined in production and
service provision
Systematic reviews should be performed at suitable stages in the design
and development process, in accordance with your planned
arrangements (7.3.1). These reviews conducted by those
representatives of functions concerned with design and development
stages should evaluate the ability of the results of design and
development to meet the set requirements and identify any problems
and propose necessary actions. Records of these reviews should be
maintained along with the action items required.
Verify that the design and development outputs meet input
requirements needs to be documented (4.2.4) and any action items
arising also need to be recorded and maintained. Verification shall be
performed in accordance with planned arrangements (7.3.1).
Validation of design and development shall be performed in accordance
with planned arrangements (7.3.1) to insure that the resulting product is
capable of meeting the requirements for the intended use or specified
application. Validation shall be completed and recorded wherever
possible, prior to the delivery or implementation of the product.
Records of results and any necessary actions shall be maintained.
Identify, document, and control design and development changes and
necessary actions and maintain records. Review, verify, and validate as
appropriate and approve the changes before implementation. This
review of design and development changes shall be documented and
includes evaluation of the effect of the changes on constituent parts and
products already delivered.

ISO9 2/10 ©STP 2-33
7.4 Purchasing
7.4.1 Purchasing Process
Your organization shall control its purchasing processes to insure
purchased product conforms to specified requirements. The type and
extent of control applied to suppliers and product shall be dependent
upon the effect they have on product realization or the final product.
Suppliers should be evaluated and selected, based on their ability to
supply product in accordance with the organization’s requirements.
Your organization needs to establish the criteria for selection,
evaluation, and re-evaluation. Records shall be maintained of the
results of evaluations and any necessary actions.
Your organization shall inform your suppliers on purchasing
information describing the product(s) to be purchased, including, where
appropriate, the requirements for approval of:
• product,
• procedures,
• processes,
• equipment,
• qualification of personnel, and
• quality management system requirements.
Insure adequacy of specified requirements prior to their communication
to the supplier.
7.4.3 Verification of purchased product
Your organization shall establish and implement inspection or other
activities for insuring that the purchased product meets specified
purchase requirements.
Intended verification arrangements and methods of product release
should be stated within the purchasing information.

Chapter 2
2-34 ISO9 2/10 ©STP
7.5 Production and Service Provision
7.5.1 Control of Production and service provision
Your organization shall plan and carry out your production and service
provision under controlled conditions. These conditions shall include:
• insuring availability of information that describes the product
characteristics,
• insuring availability of work instructions as necessary,
• use of suitable equipment,
• availability and use of equipment for monitoring and measurement,
• implementation of monitoring and measurement, and
• implementation of release, delivery, and post-delivery activities.
7.5.2 Validation of processes for production and service provision
Your organization shall validate any process for production and service
provision where the resulting output cannot be verified by monitoring
and measurement. This includes processes where deficiencies only
become apparent after the product is in use or service has been
delivered.
Your organization shall establish arrangements for these processes, as
applicable:
• defining criteria for review and approval of processes,
• approval of equipment and qualified personnel,
• using specific methods and procedure,
• record requirements—validation, and
• re-validating the production and service processes.
7.5.3 Identification and traceability
The product, where appropriate, should be identified by suitable means
throughout product realization. Your organization shall identify the
product status related to monitoring and measurement requirements.
Identify where traceability is a requirement and control and maintain
records of the unique identification of the product.
Note: In some industry sectors, configuration management is a means
for identification and traceability.

ISO9 2/10 ©STP 2-35
Your organization shall exercise care with customer property that is
under your control or being used by your organization. Customer
property should be identified, verified, protected, and safeguarded.
Lost, damaged or unsuitable property shall be reported to the customer
and records maintained. Customer property can include intellectual
property and personal data.
Your organization shall preserve conformity of product(s) and
constituent parts during internal processing and delivery to intended
destination to maintain conformity to requirements.
This preservation shall include identification, handling, packaging,
storage, delivery, and protection.

Chapter 2
2-36 ISO9 2/10 ©STP
Your organization shall identify the monitoring and measurement
requirements and equipment needed to provide evidence of conformity
of the product to determined requirements (see 7.2.1) and insure that
they are carried out in accordance with these requirements.
Measuring equipment shall insure valid results and must meet the
following criteria. Equipment must be:
• calibrated or verified at specified intervals, or prior to use.
Measurement standards traceable to international or national
measurement standards must be used. Where no such standards
exists, you must record the basis used for your calibration or
verification;
• adjusted or re-adjusted as necessary;
• identification of calibration status;
• safeguarded from adjustments that would invalidate the
measurement result; and
• protected from damage and deterioration during handling,
maintenance and storage.
In addition, your organization shall assess and record the validity of
previous measuring results, when equipment is found not to conform to
requirements. Your organization needs to take appropriate action on
the equipment and any product that was affected by the
nonconformance. You are required to record and maintain the results
of calibration and verification.
The ability of computer software to satisfy the intended application
shall be confirmed prior to initial use and reconfirmed as necessary
when used in the monitoring and measurement of specified
requirements (verification and configuration management –
maintaining suitability for use).

ISO9 5/12 ©STP 2-37
8 MEASUREMENT, ANALYSIS, AND IMPROVEMENT
8.1 General
8.5 Improvement
8 MEASUREMENT, ANALYSIS, AND IMPROVEMENT
8.1 General
Your organization shall plan and implement the monitoring,
measurement, analysis, and improvement processes needed to confirm
conformity of the:
• product requirements,
• QMS, and
• continual improvement of the effectiveness of the QMS.
You need to identify the applicable methods, including statistical
techniques, and the extent of their use.

Chapter 2
2-38 ISO9 5/12 ©STP
As one method of measuring the performance of the QMS, your
organization shall monitor information relating to customer perception
(input from sources such as customer satisfaction surveys, opinion
surveys, lost business reports, warranty claims, dealer reports) as to
whether the organization has met customer requirements. Identify the
methods for obtaining and using this information for meeting and
improving customer requirements.
Internal audits shall be conducted at your organization, at planned
intervals, to determine whether the QMS conforms to specified criteria
(i.e., ISO Standard) and is effectively implemented and maintained
meeting the following:
• planned arrangements (see 7.1),
• requirements of this International Standard, and
• QMS requirements established by the organization.
An audit program shall be planned and documented in a procedure.
The audit criteria, scope, frequency, and methods need to be defined, as
well as the roles and responsibilities and requirements for planning,
conducting, reporting, and maintaining records for the audits and their
results. Selection of auditors and conduct of audits shall insure
objectivity and impartiality of the audit process. Auditors shall not
audit their own work. When planning the audit, take into
consideration the risks, the status and importance of the processes and
areas to be audited, as well as the results of previous audits.
Management responsible for the area being audited will insure that
actions are taken without undue delay to eliminate the detected
nonconformances addressed from the audit and their causes. Follow-up
activities shall include verification of actions taken and reporting of
verification results (see 8.5.2 Corrective Action).
Note: Refer to the International Standard’s guideline for auditing ISO
19011:2011—“Guidelines for Auditing Management Systems.”

ISO9 12/08 ©STP 2-39
Your organization shall apply suitable methods for monitoring and
where applicable, measurement of the QMS processes in relation to
impact on its product requirements and effectiveness of QMS
(quantifying risks – take into consideration the status of the importance
of the process), to demonstrate the ability of the processes to achieve
planned results.
Corrections and corrective action(s) will need to be taken, as
appropriate when planned results are not achieved.
Your organization shall monitor and measure the characteristics of the
product to verify that product requirements have been met according to
planned arrangements. This shall be carried out at appropriate stages of
the product realization process.
Evidence of conformity with the acceptance criteria needs to be
maintained. Records will indicate the person(s) authorizing release of
the product for delivery to the customer (see 4.2.4 Control of Records).
You must insure that product release and service delivery does not
proceed until all the planned arrangements (see 7.1 Planning of Product
Realization) have been completed satisfactorily, unless approved by a
relevant authority, and where applicable, the customer.

Chapter 2
2-40 ISO9 12/08 ©STP
Your organization shall identify and control product(s) that do not
conform to product requirements to prevent unintended use or delivery.
Establish a documented procedure to define the controls and related
responsibilities and authorities for dealing with nonconforming
product. The standard outlines that organizations shall deal with
nonconforming product, where applicable, by one or more of the
following ways, taking action to:
• Eliminate the detected nonconformity.
• Preclude its original intended use or application.
• Authorize its use, release or acceptance under concession by a
relevant authority and, where applicable, by the customer.
• Take action appropriate to the effects, or potential effects, of the
nonconformity when the nonconforming product is detected after
delivery or use has started.
Insure that records of the nonconformities and actions taken, including
concessions obtained, are documented and maintained (see 4.2.4).
Nonconforming product that has been corrected needs to be re-verified
to demonstrate conformity to the requirements.

ISO9 12/08 ©STP 2-41
Your organization shall determine the suitability and effectiveness of
your QMS and evaluate where continual improvement can be made.
To accomplish this you will need to determine, collect and analyze
appropriate data generated as a result of monitoring and measurement
and from other relevant sources.
Analysis of data will provide information on the following:
• customer satisfaction (see 8.2.1);
• conformance to product requirements (see 7.2.1);
• characteristics and trends of products and processes, including
opportunities for preventive action; and
• suppliers.
8.5 Improvement
Your organization shall continually improve the effectiveness of its
QMS through the following clauses (sometimes referred to as
elements):
• quality policy (5.3),
• quality objectives (5.4.1),
• internal audit (8.2.2),
• analysis of data (8.4),
• corrective action (8.5.2),
• preventive action (8.5.3), and
• management review (5.6).

Chapter 2
2-42 ISO9 12/08 ©STP
Your organization shall document a procedure on dealing with
nonconformities. The organization shall take action to eliminate the
cause of nonconformities in order to prevent recurrence. Corrective
actions need to be appropriate to the effects of the nonconformities
encountered.
In your documented procedure define how you handle the following
requirements:
• Review nonconformities (including customer complaints).
• Identify causes of nonconformities.
• Evaluate the need for action to insure that nonconformities do not
recur.
• Determine and implement the corrective action needed.
• Record results of action taken (see 4.2.4).
• Review of corrective actions taken.
A documented procedure shall be written to define how you manage
preventive actions, to eliminate the causes of potential nonconformities
in order to prevent their occurrence. Preventive actions need to be
appropriate to the effects of the potential problems.
In your documented procedure, describe how you deal with the
following:
• Identify potential nonconformities and their causes.
• Evaluate the need for action to prevent occurrence of
nonconformities.
• Determine and implement action(s) needed.
• Record results of action(s) taken (see 4.2.4).
• Review of preventive action taken.

© STP
Contact Information
• Toll Free: 1-800-251-0381
• Phone: 1-604-983-3434
• Email: stpsales@stpub.com
• Visit: www.stpub.com

© STP
Related Publications
• ISO 14001 Environmental
Management Systems: A
Complete Implementation
Guide
• 18001 Health and Safety
Management Systems: A
Complete Guide to OHSAS
and VPP Implementation

© STP
About STP
Premier publishers of practical
interpretive technical guides for
compliance and risk reduction,
serving North American and
global business leaders, audit
managers and other
professionals.
STP publications offer
comprehensive, up-to-date
guidance on key issues and
help ensure compliance with
standards and regulatory
requirements.

ISO 9001 Quality Management Systems: Implementation and Integration

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie ISO 9001 Quality Management Systems: Implementation and Integration

Ähnlich wie ISO 9001 Quality Management Systems: Implementation and Integration (20)

Mehr von Specialty Technical Publishers

Mehr von Specialty Technical Publishers (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

ISO 9001 Quality Management Systems: Implementation and Integration