ISO 9001:2015 requires your organisation’s quality policy to be appropriate to both its purpose and context. This means that once your organisation has determined its context and the relevant requirements of its interested parties, Top Management must review the quality policy in light of that information.

You should review your organisation’s existing quality policy to determine whether it is appropriate to the context of the organisation and its purpose, that there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the quality policy. Top management should demonstrate that the quality policy is compatible with the strategic direction and context of the organisation, as required by Clause 5.1.1 b.

Your organisation will need to review its policies as necessary to ensure that any changes in context, interested parties or their requirements is reflected in the quality policy and whether your organisation’s objectives are affected (6.2.1 a). The policy does not have to include objectives but should create a framework for establishing them.

The policy should be stated in such a way that it shows you are working towards continual improvement. It should be reviewed and possibly revised to meet higher aspirations. Develop and implement a policy that is consistent with the company’s codes of conduct and business practices. The policy should be signed by Top Management and commit to:

• Preventing process loss or quality impacts;
• Complying with obligations and legal requirements;
• Promoting continual improvement;
• Adopting best practice;
• Creation of measurable and achievable targets for performance improvement;
• Providing resources to achieve targets;
• Communicating and consulting with all stakeholders regarding the QMS;
• Meeting customer requirements.

The standard does not require that the quality policy includes the words ‘continual improvement,’ however it must be clear that processes of continual improvement are implied and known throughout the organisation. To meet the intent of this clause, you simply need a clearly defined management system quality policy that is sufficiently detailed to provide a framework for the subsequent objectives which can be monitored for continual improvement.

It’s there to assist an organisation in meeting their business objectives, better customer satisfaction and eventually more market share, which, in time, brings more profits for the organisation. For multi-site/corporate certifications, the policy must be applicable for all sites and be fully integrated with the objectives.

​If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.
​
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Customer focus involves determining customer requirements and ensuring that processes exist to meet the requirements and achieve customer satisfaction. Enhance customer satisfaction by ensuring that customer requirements are identified.

The principal message that Top Management must convey is that the objective of the business is to satisfy your customers by ensuring a process exists to achieve the following:

• Identifying customer requirements;
• Meeting customer requirements;
• Enhancing customer satisfaction.

When auditing customer focus, you should assess whether customer satisfaction is adequately determined and whether appropriate corrective action is undertaken when things go wrong.

The customer feedback process should be audited as a process in its own right and not just as a clause in the standard. Determine how this process is planned, implemented and improved as these factors will affect the processes’ ability to provide meaningful information about the effectiveness of the management system.

Top Management must also ensure that customer and applicable statutory and regulatory requirements are identified and consistently met and that the focus on enhancing customer satisfaction is maintained.

Top Management must also determine and address the risks and opportunities that can affect conformity of products and/or services and the organisation’s ability to enhance customer satisfaction.

You should seek and record evidence that Top Management is taking a ‘hands-on’ approach to the management of the management system, so be prepared to constructively challenge Top Management’s commitment.

Top Management’s commitment can likely be demonstrated by their actions, and by their views on the what the Management System policies mean to the everyday activities of your organisation, as well as policies’ relationship with your organisation’s strategic direction.

• Are Top Management attending management review meetings?
• Do they support the QMS Manager (or equivalent) during day-to-day activities and with improvement initiatives?
• Do they lead the way and take accountability for the effectiveness of the QMS?
• Have they ensured that responsibilities and authorities for relevant roles are assigned and understood?
• Have they ensured that responsibilities and authorities are communicated?
• Have they established, implemented and maintained policies and objectives?

​
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.
​
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Processes such as design and development, manufacturing, customer service and purchasing are key to giving the customer what they want.

Supporting processes do not contribute directly to what the customer wants but do help the key processes to achieve their output. Support processes include often human resources, finance, document control, training and facilities maintenance, etc.

A good way look at this is to think about how work flows through your organisation. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how your departments interface with each other.

When defining your processes, try to keep it simple. A process such as ‘receiving inspection’ could be a a sub-process of the ‘purchasing’ process, for example. You are looking for a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as your company chooses.

It should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy. In determining which processes should be determined and documented the organisation may wish to consider factors such as:

• Effect on quality;
• Effect on the environment;
• Effect on safety and wellbeing;
• Risk of customer dissatisfaction;
• Statutory and/or regulatory requirements;
• Economic risk;
• Effectiveness and efficiency;
• Competence of personnel;
• Complexity of processes.

Once you have defined the processes and interfaces, go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organisation’s processes, think about each process and department and try to define those processes around the current organisational model and not around the requirements of the standard. For each process, ensure that is has:

• Owner(s) and participants, defined and documented;
• Procedures, work instructions or forms;
• Inputs, activities and outputs;
• Key performance indicators;
• Risks and opportunities;
• A sequence and interaction of processes.

You want to make sure that your organisation has determined your processes and that the interactions are also defined, preferably (but not necessarily) within a management system manual. Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship.

This requires that the description of the interactions between the processes should include process names, process inputs and process outputs in order define their interactions. Interaction means how one influences the other. The description of the interactions of the processes cannot be done if the processes are not determined (e.g. named).

As part of the standards, the organisation is not required to produce system maps, flow charts, lists of processes etc as evidence to demonstrate that the processes and their sequence and interactions have been determined - but certainly such documents will be useful, if not mandatory. Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

ISO 9001:2015 includes specific requirements necessary for the adoption of the processes approach when developing, implementing and improving a management system.

This requires your organisation to systematically define and manage processes and their interactions so as to achieve the intended results in accordance with both the policy and strategic direction. Although ISO 14001 and ISO 45001 do not ‘specifically’ require the adoption of the process approach, both standards do infer its use.

A process model explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as the company chooses but should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy.

I suggest that you map out which departments and functions are responsible for executing each element (from Section 4.0 to Section 10.0) of the standard as it applies to each process. You are trying to determine:
​

• How well the ‘process approach’ is understood and deployed within the organisation;
• How well the management system aligns with the organisational context and the requirements of interested parties;
• How likely it is the management system will achieve its intended outcomes and enhance environmental, safety & quality performance;
• Identification of the processes needed for the management system (e.g. process models, process grouping, process flow diagram, etc);
• Management system processes and their sequence and interaction (e.g. process mapping, turtle diagrams, etc);
• What information exists to ensure effective operation and control of the processes (e.g. defined process requirements, defined roles, required competencies, associated training, guidance material, etc);
• How the expected inputs and outputs from each of the identified processes, together with assignment of responsibilities and authorities, are aligned;
• The necessary criteria and methods to ensure effective operation and control of the processes (e.g. process monitoring indicators, performance indicators, target setting, data collection, trend analysis, audit results, etc);
• The arrangements for governing the processes (e.g. process reviews, dashboards, risks and opportunities relating to the process, resource needs, user training and competency, continual improvement initiatives, frequency of reviews, agenda, minutes, actions, etc);
• The organisational approach towards continual improvement and the type of action taken when process performance is not meeting intended results;
• How the capture of customer, statutory and regulatory requirements is achieved, and the method used to build these into the Management System (e.g. requirements capture, gap analysis, requirements embedded into the process definition, assigned contract assurance instructions, formal links to information, use of specified documentation, etc).

Existing operational procedures, quality manuals, work instructions and flow charts are valid examples of documented information and can be used to evidence the requirement for ‘documented information to support the operation of processes is being met’. Check that process inputs and outputs are defined, and review how each of the processes are sequenced and how they interact.

Your organisation should begin using quality, health and safety, and environmental performance indicators to control and monitor issues, and associated risks and opportunities. These types of objective evidence will indicate that your organisation has successfully integrated your management system processes into your business processes.
​
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

There's no getting around it - an ISO 9001 certification will require time, effort and improvement from many areas of the business. However, the steps that must be taken are worth it for any company. The whole point of putting in a quality management system is that it will benefit business owners, employees and customers alike.

If you are considering becoming ISO 9001 certified, it's important to learn as much as possible about the certification and about the process. Rather than simply leave everything to a consultant, it's always a good idea for you to know exactly what you must do to get the certification.

In simple terms, ISO 9001 requires organisations to ‘say what they do, and do what they say’. They ‘say what they do’ by detailing their operating procedures, explaining how quality is monitored and controlled. They must then demonstrate that they ‘do what they say’ as they operate their quality systems. This usually involves keeping records of quality checks, tests and other activities, so that the system can be audited.

In previous iterations of ISO 9001 (before 2015) there was an emphasis on writing down your operating procedures and having a written manual detailing how your quality management was monitored and controlled. No longer - the 2015 standard has a distinct absence of the terms “documents” and “records”.

Documented information is a means by which an organisation demonstrates compliance. It communicates what we do and how we do things, it communicates what happened and what results were achieved. It is, essentially, a tool for communication.

There are many different formats in which communication can happen and ISO 9001:2015 makes allowances for organisations to use what suits them best. Documented information can be in any format, any media, from any source.

While some may be wedded to pieces of paper, the medium used can be anything: paper, electronic, photographic, samples, etc. The possibilities are not quite endless, but certainly varied. If an organisation would find it useful and appropriate, a wall-painting or mosaic may also achieve the required result!

Organisations are not obliged to relegate their quality manuals and documented procedures to the dustbin. While there is no requirement for an organisation to have or use either, where such documentation exists, and is of use to the organisation, they should continue to use it.

I still believe in an organisation having a Quality Manual, even though this is not a requirement under the standard. My experience shows that a good Quality Manual can be a vital a tool when referred to properly throughout an organisation - if it’s just a tome which sits on a shelf gathering dust, the only purpose of which is to satisfy the requirements of a standard (as far too many used to be), then this is clearly a waste of time and effort. 

But I find that the benefits of having a Quality Manual are wide and varied and applicable to most businesses. They:

• Communicate management’s expectations to employees
• Demonstrate the organisation’s plan to conform to the standard
• Demonstrate that organisational roles, responsibilities, and authorities have been assigned, communicated, and understood
• Provide company context for internal and customer requirements (you need to consider the needs of your own company and your clients or customers in setting up your management system - yes, this is a requirement of the standard, but it also makes fundamental business sense)
• Guidance in increasing efficiency and improving processes
• Guidance on having clear and concise communication throughout the organisation’s documents and between functions or departments
• And yes, not a main reason but certainly a useful by-product, it makes audits easier (both internal and any external ones you might have) as it shows how you are aiming to comply with each clause of the standard

This will really help you as your system will consist of the following elements and a properly-managed Quality Manual will help to keep tabs on things:

• a quality plan, and written Quality Policy which is understood, implemented and maintained at all levels of the organisation;
• a definition of the responsibilities of all those who affect quality (an organisation chart is a good idea here);
• a review of accepted orders to ensure that customers’ requirements are clear, and procedures which control the design of goods or services to ensure that these requirements are met;
• procedures to ensure that purchased goods and services conform to the requirements of the organisation and that their progress can be traced through to delivery;
• systems that ensure the suitability for use of any materials or services supplied by a customer;
• demonstration that processes are carried out under specified conditions;
• the control, calibration and maintenance of all measuring and testing equipment;
• a system which identifies and segregates all non-conforming goods and services and which specifies corrective action and identifies root causes for these;
• processes for any servicing operation to document and verify that it satisfies customers’ requirements;
• records which provide objective evidence that the work is being carried out in accordance with procedures and customers’ requirements;
• processes which identify training needs and carry out and record training for employees
• the use of statistical techniques;
• self-policing through internal audits and reviews (e.g. Senior Management meetings).

That's it for this month, next month we'll be taking a look at how internal audits work.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).