People have been making mistakes for tens of thousands of years. Since the industrial revolution, the impact of certain mistakes has grown immensely. Before the industrial revolution, a dull tool used in machining a part would likely only impact one part—since parts were made one at a time. With the advent of mass production, a dull tool used in machining could impact hundreds of parts.

ISO 9000 is written by quality professionals all over the world, professionals who have had a lot of experience with industrial mistakes and problems caused by poor control over processing. So, ISO 9000 can be viewed as a collection of situations that need to be controlled in order to avoid well-known sources of quality problems. In fact, each and every requirement of ISO 9001 is intended to promote adequate control over organizations’ operations and improvement of organizations’ processes.

Taking the requirements of ISO 9001 in order and treating them very generally, let’s incorporate each of the requirements into the phrase: “If you don’t x, you can expect quality problems.” (For comedic relief, you might imagine the following list as being akin to Jeff Foxworthy’s, “If you x, you might be a redneck.”)

• If you don’t have a system to manage quality, you can expect quality problems. In other words, if you have no systems in place to ensure quality in processing, processes will become idiosyncratic and dysfunctional. This will cause quality problems.
• If you don’t have any documented methods of operations, you can expect quality problems. Word of mouth might work for a while but as time passes, so do memories of what was agreed to be the right way to do it; as product requirements become more plentiful and complicated, processes used to realize such products need to be clearly defined and process documentation (e.g., drawings) is necessary—or else you will have quality problems. Can you imagine a (legal) organization that uses no documentation whatsoever?
• If you don’t control your process documentation and records, you can expect quality problems. If you have no controls over your documentation—which almost hard to imagine—people will make mistakes. Imagine no dates or revision levels on drawings or specifications; imagine random part numbers or order numbers; imagine people finding their work instructions blowing around in the parking lot. No control over records would mean that you could not retrieve any evidence of contractual agreements, no evidence of work completed, no evidence of inspection or test results, etc. Without adequate control over documents and records, you are going to have quality problems.
• If you don’t have top managements’ interest in quality, you can expect quality problems. If top management doesn’t drive it, don’t expect autopilot to take over. If management does not provide some mechanism for communicating the importance of quality, the importance of quality will not be communicated; if management does not plan quality assurance, management is effectively planning for quality problems; if management does not periodically review performance and establish goals for improvement, performance will not improve. Without management commitment, you are going to have quality problems.
• If you don’t determine and provide resources necessary to assure quality, you can expect quality problems. If incompetent human resources are involved, you will have problems. If the provided work spaces and equipment are inadequate or unreliable, you will have problems. If the work environment is such that it hinders processing or degrades product somehow, you will have problems.
• If you don’t plan product realization, you can expect quality problems. Without some idea of what to make, how to make it, how to check it, and how much to produce, you can expect problems.
• If you don’t understand what your customers want, you can expect quality problems. Failure to understand customer requirements will not fix itself internally during subsequent order processing. If you make promises to customers that you do not have the ability to fulfill, you will have problems—not just quality problems, but business problems.
• If you don’t control the process for designing products, you can expect quality problems. If inputs to the process are ill-defined and criteria for success are equally ill-defined, you will have design problems. If the outputs of design are not reviewed to determine their acceptability, i.e, they are not verified or validated to meet customer needs, you can expect quality problems. If you have no controls over design changes, you will have problems.
• If you don’t exert some control over suppliers or supplied product, you can expect quality problems. If you use unreliable suppliers and/or you don’t properly qualify and quantify product to be purchased and/or you do nothing to verify supplied product, you will have quality problems.
• If you don’t plan how each order will be processed, you can expect quality problems. If you don’t provide information describing the product or instructions to make the product, you will have problems. If suitable equipment is not provided to process work, you will have problems. If you don’t have inspection devices and you need them to determine conformity, you are going to have problems.
• If you don’t control processes resulting in product that cannot be verified to conform to requirements, you can expect quality problems. If you are building bombs or packing parachutes for a living, and you let just anyone off the street process work using whatever equipment they might be carrying, you are going to have problems. If you have no specified method for processing, you are going to have problems.
• If you don’t or can’t identify product you are working with, you can expect quality problems. If traceability is required and you cannot maintain it, you are going to have problems.
• If you don’t notify the customer that you smashed, lost, or otherwise ruined product they supplied to you, you can expect quality problems—at the very least dissatisfied customers.
• If you don’t make efforts to preserve product during processing, storage, and transport, you can expect quality problems. If you ruin product while working with it, allow it to spoil during storage, or fail to package it properly for shipment, you are going to have problems.
• If you don’t establish a par for processing performance, you can expect quality problems. Without measures revealing how well you are performing, you will not know how well you are performing. If you don’t know how satisfied your customers are, you don’t know how well you are performing; if you don’t know the degree to which working practice complies with established methods, you don’t know how well you are performing; if you don’t establish a par for processing and analyze actual performance against par, you don’t know how well you are performing; if you don’t measure or monitor your product to determine if it meets requirements, you don’t know how well you are performing. In this latter case, you don’t know if your product conforms to requirements, which will cause quality problems every time.
• If you don’t control nonconforming product, you can expect quality problems. If you continue to add value to product that doesn’t conform to requirement in the first place, or if you ship nonconforming product to customers, you can expect big problems.
• If you don’t analyze the measurement data you are collecting, you can expect quality problems. Unanalyzed data is not worth collecting.
• If you don’t improve upon what you do, you can expect quality problems. As tolerances become tighter and competition grows stiffer, improvement must be a permanent objective of any process—or else you will have problems.
• If you don’t take actions to eliminate the root causes of your problems, you can expect quality problems. If you simply correct errors and go on, you can expect the same errors to repeat themselves—resulting in the same old problems.
• If you don’t take actions to address potential problems, you can expect quality problems. If you don’t avoid them, you will experience them.

Such a broad question might best be answered, “It depends upon the circumstances.” It’s a bit like asking, “What does the law require?” The answer depends upon the situation in which it is being applied.

Let’s take part of ISO 9001:2008, 7.2.2 as an example:

“The organization shall review the requirements related to the product. This review shall be conducted prior to the organization”s commitment to supply a product to the customer (e.g. submission of tenders, acceptance of contracts or orders, acceptance of changes to contracts or orders) and shall ensure that:

a) product requirements are defined,

b) contract or order requirements differing from those previously expressed are resolved, and

c) the organization has the ability to meet the defined requirements.

Records of the results of the review and actions arising from the review shall be maintained (see 4.2.4).”

One organization might generate sales orders as evidence of successful review and acceptance of customer purchase orders. In this case, the above ISO 9001 requirements apply directly to that organization’s sales orders and to their respective customer purchase orders. Review activities resulting in accepted sales orders are also subject to these requirements. Since order review and acceptance is evidenced by the generation of sales orders, sales orders are regarded as quality records and must be maintained accordingly. In this case, the above ISO 9001 requirements may be construed as follows:

Before sales orders are generated, customer purchase orders must be reviewed to ensure that product requirements are defined, that any requirements differing from those previously expressed are resolved, and that the organization has the ability to meet those requirements. Records of sales orders must be maintained according to the requirements of ISO 9001:2008, 4.2.4.

Meanwhile in another organization, the evidence of successful review and acceptance of a customer’s purchase order might be order entry in “the PO Log.” In this case, ISO 9001 applies to the log and to the activities resulting in each log entry. So, in this case, the standard’s requirements might be construed as:

Before orders are recorded in the PO Log, customer purchase orders must be reviewed to ensure that product requirements are defined, that any requirements differing from those previously expressed are resolved, and that the organization has the ability to meet those requirements. The PO Log must be maintained according to the requirements of ISO 9001:2008, 4.2.4.

Par is a recognized standard for golf performance. It is applied at the end of every hole and at the end of every round. It is used to measure performance in terms of strokes. Golfers compare their performance against a standard to determine how well they golf relative to the established standard. Because other golfers use the same standard, golfers’ scores allow them to assess their performance not only relative to a standard, but also relative to other golfers.

A ruler represents a standard for linear measurement. This standard is applied to any linear object to discern its length in terms of defined (standard) units. In America, these standard units are inches.

A standard exists for each type of purebred dog breed, e.g., a standard poodle. Such standards describe established criteria pertaining to height, weight, color, coat, stop, etc. Using this standard, any purebred dog can be compared to its standard. One can conclude that her dog is heavier than standard or taller than standard, etc.

So a standard is an established set of criteria or a frame of reference against which individual cases can be assessed or measured.

ISO 9001 is an international standard for quality assurance. If par as a standard measures golf performance, and a ruler as a standard measures length, what does ISO 9001 as a standard measure? Answer: quality management systems. The standard is applied to organizations’ quality management systems to determine the degree to which these systems satisfy a given set of established criteria.

Any organization staying in business has some kind of system to keep afloat. The question here is whether or not the system is consistently applied and whether or not the system is robust enough to meet the established requirements of ISO 9001.

ISO 9001 requires that a system be in place to promote consistent control over processing, a system that continually improves process performance. Because it is a standard for quality assurance, its criteria pertain to processes affecting the quality of products or services offered to customers. An organization pursuing certification to ISO 9001 needs to demonstrate that its processes affecting quality are systemically managed. It requires a system of assuring quality, meaning that the processes involved are defined and operation of these processes is controlled to an appropriate degree to assure quality.

If an organization re-invents itself and its processes with the acceptance of each customer order, this inconstancy in processing will result in inconsistent performance, inconsistent product or service quality, and inconsistent customer satisfaction. Organizations operating such systems do not receive ISO 9001 certification.

ISO 9001 requires a system of processes to be defined, through with each customer order consistently flows, thus promoting consistency of processing, thereby promoting consistency in resulting product or service offerings. This results in consistently satisfied customers—which of course is good for business.

If a person told you that he was a better golfer than Tiger Woods, you would expect the person to prove it. If this person’s proof consisted of, “Because I say so,” you might not find this evidence compelling. Before believing this person, you would most likely want to know the person’s handicap—which is ultimately derived from the standard we know as par. Absent such objective evidence, how would we be able to tell how good Tiger is in the first place?

If a person told you that their organization would be an excellent supplier to your organization, you might want more than “Because I say so” as evidence. You might want to know if they are a fly-by-the-seat-of-their-pants type of organization, or if they actually have systems in place to assure quality. If a potential supplier can prove a system is in place, and that this system has been assessed and registered to ISO 9001, now you have some evidence of systemic quality management. This imparts confidence that your orders will be processed in a manner known to produce successful results.

by Keri Luka

Warning – Not All Calibration Certificates are Created Equal!

Does your company think that it has adequate evidence of calibration because it has official-looking calibration certificates neatly placed in calibration files? How closely have you looked at the external calibration records provided by manufacturers and contract calibration laboratories?

Buyer Beware!

Some equipment manufacturers are apparently selecting and calibrating a sample of equipment in a manufactured batch. If the sample equipment is within calibration, then the entire batch of manufactured equipment is issued calibration certificates. Unfortunately, Cavendish Scott Consultants frequently find companies that are unwittingly purchasing such equipment because they see the words certificate, conformity, or calibration in the catalogue narrative without first ensuring that the equipment has been individually calibrated to national or international standards.

Upon reviewing the manufacturer certificates, it”s easy to see how they can be confusing because many of them look official and often have titles like “Certificate of Conformity” and “Certificate of Calibration.” Often these certificates even include vague statements regarding the process of calibration by referencing Z540, ISO Guide 25 or even ISO 9000. However, if you look closely at these certificates, it is obvious that they are not valid calibration certificates since they do not include the references necessary to trace the calibration to national or international standards as required by ISO 9000 and data is not generally provided.

What can you do if you have such certificates stored in your files in support of your calibration system? Start by calling the distributor or manufacturer. Ask for copies of the calibration data, evidence of traceability to the national or international standard (this is a number) and the actual procedures used to perform the calibration. If such information can be provided, then you will have enough evidence to believe that the equipment was individually calibrated. If the information cannot be provided, then ask if you can return the equipment and purchase equipment with traceable calibration certificates. In the worst case scenario, you may need to segregate the equipment from use and send it to a contracted calibration company for re-calibration.

Review Outside Calibration Certificates!

Upon receipt of calibration services, companies should review the equipment to ensure that it was identified properly and matches the information provided on the calibration certificates. The certificates should be reviewed to ensure that the required information has been included on the documents as specified in their Purchasing Agreements.

All too often, companies completely rely on the certificates provided by contracted calibration companies without looking at the certificates with a critical eye. Don’t forget to verify the records that you receive from contracted calibration laboratories – it serves as your receiving inspection for the services rendered!

As you perform this record review, ask yourself some questions:

• Has the company provided a reference that allows you to trace the calibration to a national or international standard?
• Was the equipment received out of calibration?
• Did the calibration company provide you with the data to demonstrate the severity of the nonconformity?
• If not, how will you make valid decisions regarding the use of the equipment prior to submitting it for calibration?

Does the information provided by the calibration company make sense to you? Compare the certificate to the previous certificate or to other certificates for different equipment for continuity. Do you have enough details to make you feel comfortable that the calibration was indeed performed as contracted? Most reputable calibration companies will welcome your questions and will gladly explain their processes and certificates to you.

Ensure that Calibration Certificates are Available for Review!

Some companies are electing to allow contracted calibration companies to maintain their records of calibration for them. If your company utilizes this service and has minimal records on-site for your calibrated equipment, you should ensure that the calibration company can locate and provide all of the necessary calibration records at your request. Don”t forget that some registrars will review calibration in the afternoon on the last day of the assessment. In such cases, your company may need access to their records in minutes. It would be a little more than disappointing to fail an assessment because the calibration records were not made available for review!

To ensure that the calibration company understands your expectations, ensure that your requirements are clearly stated on your purchasing agreements.

Don’t forget to verify that the calibration company is able to provide you with the necessary records during internal quality audits by selecting a sample of the calibrated equipment, calling the calibration house, and asking for the corresponding records.

QS 9000 Calibration Companies and ISO Guide 25 – A New Requirement

While ringing in the New Year, QS 9000-certified companies are scratching their heads regarding their ability to locate ISO Guide 25-certified calibration companies so that they can remain in compliance with the standard.

If your company is trying to comply with QS 9000 you should be aware that the 3rd edition of the standard requires that external calibration companies be certified to ISO Guide 25 or a national equivalent. If you cannot locate a Guide 25-certified calibration company, then you need to try to locate a company that can provide evidence that they have been audited by an OEM customer or an OEM-approved second party and that they were found to meet the intent of ISO Guide 25.

Registrars have agreed that locating such calibration companies with the right credentials has been a problem but they are required to assess companies for compliance in spite of the difficulties.

An AIAG representative recently told Cavendish Scott that they have had a lot of complaints about the requirement because of the difficulty of locating such laboratories and the cost of sending inspection, measuring, and test equipment to laboratories in other states. The AIAG said that they are planning on publishing an official position on the requirement in the near future so keep an eye on their publication. That position has now been published as the official sanctioned interpretations of QS 9000. The new position is that the registrar need not enforce this requirement so long as the supplier has a plan in place, detailing how compliance can be achieved by Jan 1, 2001. That gives everyone a little more time to push those calibration sub-contractors to seek accreditation.

By Todd Vesty

One of the most daunting aspects of an ISO 9000 project is the documentation. Many managers stay awake nights with visions of ream upon ream of bureaucratic paperwork. Often, people are forced to re-visit old fears from high school English class, where their papers were not well received. While it is possible that these fears will be realized, it is not really necessary. There are several techniques that can make the process of creating a documented quality system easier, more effective and less intimidating.

These techniques range from simply using the appropriate tools, and applying the appropriate structure, to using the right personnel. As always, proper planning, clearly defining responsibilities, and controlling the process are imperative in its success. There are five areas that must be addressed in order to develop a quality system with the least headaches. These are process definition, structure, tools, format/grammar and flexibility.

Process Definition

Many pundits will tell you that each person at the company must write their own procedures in order for them to be effective and appropriate. They argue that no one knows the process better than the person who performs it every day and that if they are not the one’s to document it, they will have no ownership. While this argument has some merit, it only works well if everyone at your company is a capable writer with a proper word processor and has the time and inclination to write procedures.

The reality is probably that much of the staff, even those at management level, aren’t capable writers and don’t have access to or sufficient practice on word processors. Involving many people in the construction of a set of documentation will yield different styles, levels of detail, formats, etc. creating considerable problems for the person responsible for pulling it all together. This person has probably already invested considerable time and effort in the training and support of people who will likely never write another document for the organization. In addition, few people have the time to devote to procedure writing. Because of this, everyone’s involvement is a goal that is unachievable at most organizations.

Who then, should write the procedures? The company should designate a person who is responsible for the generation of procedures. That person should decide format and structure for the procedures and will do most, if not all of the writing. Designating a single person assures that the procedures are written in a timely manner without excuses and without people shirking their responsibilities. It also enables the company to assign a capable writer with the appropriate skills to determine the processes involved, identify the right level of detail, and document them in such a way as to avoid the “ownership” issue. Finally, having a single person write the procedures ensures that there is a consistent format and structure. This is one area where considerable benefit can be achieved with the use of an outside consultant. This frees up internal resources to focus on the key purposes of the business and ensures an expert job.

The remaining problem is how to write the procedures. The person writing the procedures must ensure that the process is accurately depicted. This is typically done by interviewing the staff in the area for which the procedure is being written. The interview is used to gather needed information about the process and to determine how compliant the process is. It also allows the staff to have input into the procedure, so they don’t feel “out of the loop” and can feel “ownership” of the documents once created. From the information gathered in the interviews, the writer writes the procedure, reviews and edits it with the staff.

Structure

Before writing the documentation, it is important to determine the structure. It is a very common mistake to get the structure wrong and usually occurs in two ways. The first is having too many, too few or improperly structured levels of documentation. The second is structuring the documentation around the standard as opposed to the business.

A proper ISO 9000 quality system is written in three levels. Level one consists of the Quality Policies. This usually takes the form of a Quality Manual. Level two consists of the standard operating procedures. Level three refers to the work instructions, checklists, forms, and other task specific documentation. This is the structure which has proven successful the world over and is alluded to in ISO 100013. Some consider that records are the fourth level, but this is not the case. Records are evidence of facts and history; they are not documents that are maintained up to date. Once a form is filled and filed away it is not pulled out a year later because the format of the form has changed. The format of the form is a level three document but once filled in, it becomes a record. Yes, records are part of the “documentation” of the system but it is a mistake to assign them a level and assigning them a level serves to confuse the important difference between and procedure and a record.

There is often some confusion about what a quality manual is. Often, the company will bundle its entire quality system including procedures and forms into one manual and call it the Quality Manual. Although this is one possible definition, it does not help an organized structure. A Quality Manual is a document that describes the policies for quality, defines the structure of the quality system and defines the structure of the organization and responsibilities for employees. It does not include detail of operations and should avoid the specifics of procedures.

A typical Quality Manual would include several sections. First, it would define the structure of the organization. It might do this by including and organizational chart and by defining the responsibilities of key personnel. It would also describe the structure of the documentation used in the quality system. Finally it would reiterate each requirement of the standards and state briefly how they will be addressed. In many cases, simple acknowledging the requirement and stating that they will be met is enough. Again, the Quality Manual is not the place to describe specific procedures.

This brings us to level two. Level two refers to the procedures. These describe how the company operates on a department by department basis. Procedures typically do not include detailed task specific, or order specific instructions but focus on the management level information. How is the department organized? What information is received? What happens with that information? What tasks are performed? What reviews take place? And where does information go or get filed?

When writing procedures, it is important to structure them around your business, not around the standard. Too many organizations take the easy route by generating one procedure for each element of the standard. If you don’t have a product identification and traceability department, then you shouldn’t have a product identification and traceability procedure. This requirement of the standard should be included in your other procedures where it applies. Consequently it is clear that when procedures have been structured around the standard, the system has been designed to gain compliance, not to add value to the way the company is organized and managed.

Level three refers to the detail oriented, lower level documentation. This might include checklists, blank forms, task instructions, blueprints, drawings or order specific documentation. It does not include completed forms or other records.

Tools

Documenting an entire system is a sizable task. Before embarking on such a task, it is helpful to gather the appropriate tools. First, this means a current word processor. Having a modern computer and word processor will pay for itself in cost savings and avoided frustration. The modern word processor includes automated spell checking, grammar checking, and many formatting features.

Before diving into procedure writing, it is important to know how to use these features on your word processor. Before starting, experiment until you are comfortable using the word processor’s features. By doing this, you will be able to incorporate these features into your first documents, rather than having to incorporate them later.

A variety of software tools are available to help generate and manage ISO 9000 documentation and systems. Generation software suffers the danger of leaving you with a boiler plate system, twenty procedures and focussing on compliance. Management software can be useful as the sophistication of the requirement increases. Managing large numbers of instruments internally might warrant calibration control software, for instance. However, considerable sophistication already exists in current word processors, spreadsheets and databases that come with your computer. These tools are often expensive, sometimes complicated and do not always yield the promise.

Format/Grammar

When writing procedures, there’s no need to be Ernest Hemmingway. Writing procedures does not require creativity or a huge vocabulary. In fact, all of these things can hurt the process more than help it. The best procedures are simple, clear and concise. All you need to remember is to avoid passive voice and avoid excessive wordiness.

Passive voice makes procedures difficult to read, and should be avoided when possible. For example:

The Packing List will be signed by the Receiver and entered into the system. (passive voice)

The Receiver will sign the Packing List and enter it into the system. (active voice)

As you can see, the passive voice sentence is less clear and is longer.

Excessive wordiness or the use of complex words also makes procedures difficult to read. It is important to keep procedures simple and appropriate for their audience.

The Receiver will be cognizant of any discrepancy in the materials prior to signing the Packing List. (difficult to understand)

The Receiver will note any damage or defect in the materials before signing the Packing List. (easier to understand)

Flexibility

Another common mistake when creating documentation is to create rigid procedures that are difficult to follow and maintain. Procedures should be written in a manner that they are flexible and don’t paint you into a corner. Also, they should avoid hard references, complex numbering schemes and other unnecessary bureaucracy.

Several hard references are shown below:

If a nonconformance is found, the employee will document it according to SOP 4.14. rev 5

If a nonconformance is found, the employee will document it according to SOP 4.14

If a nonconformance is found, the employee will document it according to section 5.5 of this procedure.

All of these references pose problems. The first one references a procedure by number and references a revision. That means that every time the referenced procedure is updated, this procedure would have to change also. This is difficult to maintain and likely to be forgotten. The second one references the procedure by number only. This eliminates the revision problem, but is still subject to number changes. It is also difficult for the reader to follow. The third one may seem simple enough, but it may still pose a problem. If a section was added to the procedure before section 5.5, then the number would change and the reference would be wrong.

A more appropriate method follows:

If a nonconformance is found, the employee will document it according to the Corrective Action Procedures.

This is clear to the reader and is unlikely to require changes.

Many companies number their procedures. This practice is not necessarily a problem. It does, however, have the potential for problems. The most common problem is the use of ISO 9000 section numbers (“SOP 4.5 – Document Control”, “SOP 4.18 – Training”). This may deem logical, but there may be instances where there are several different procedures that address a single ISO clause. There may also be instances where a single procedure addresses several ISO clauses. How would these be numbered? In addition, the year 2000 revision of the ISO 9000 standard does away with the 4.X numbering system. This will make 4.X numbering systems obsolete. If your document numbering system is cumbersome, eliminate it. ISO doesn’t require document numbering.

Finally, it is important to write procedures in a flexible manner so that they don’t restrict your employees unnecessarily. In short, don’t make a rule unless it’s necessary.

The employee will retrieve the document and will stamp it in the upper left corner with a red “obsolete” stamp.

The employee will retrieve the document and will clearly mark it as obsolete.

The first statement would mean that you would have to train all of your employees to stamp in red in the upper left corner. You would also have to ensure that the employees have access to red ink and a stamp. Even after taking these steps, it is likely that the procedure often isn’t followed. The second statement provides the same protection, but does not restrict the manner in which the employee complies. It is just easier to follow.

Conclusion

ISO 9000 documentation is an involved task – it has to be! Done properly it will add value to your business. Before embarking on your own documentation investigate the situation thoroughly and ensure you have expertise in the subject and time and resources to see the project through. It will save you a lot of time and effort.

Finally, do not make the mistake of starting with the work instruction documentation. This is the most common and wasteful mistake of ISO 9000 projects. ISO 9000 does not call for any level three, work instruction documentation, unless it is necessary – and if its necessary, it already exists. This type of documentation may add value by better defining processes or enhancing training, but you are not doing it for ISO 9000 compliance. Make sure you want it.