How to Audit ISO 9001:2000, 4.1 General Requirements

Performance Improvement Solutions for Your Business Needs May 2007
In this issue

  • How to Audit ISO 9001:2000, 4.1 General Requirements
  • PPAP Manual Available as E-Document
  • Why Process Owners?
  • Critical Components of Continuous Improvement
  • Courses and Schedule
  • Greetings!

    Welcome to Sustaining Edge Solutions E- Newsletter

    Our newsletters provide guidance on operational and quality systems ISO 9001, AS9100, ISO/TS 16949, TL 9000, ISO 13485, ISO 14001, and others. This includes process improvement methods Six Sigma, lean enterprise, and other topics of interest to our readers.

    If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.

    Newsletter Sign-up

    Thanks for your Support!

    How to Audit ISO 9001:2000, 4.1 General Requirements

    Remember when you were in school and had to write a paper on some subject? The teacher would remind you to use the opening paragraph to provide an overview before getting into the details. The opening paragraph is like a road map that helps guide the reader through the rest of your paper. Well, clause 4.1 serves that purpose for the standard.
    However, due to the broad scope of ISO 9001:2000, clause 4.1, auditors often wonder how to assess its general requirements. The answer: by recognizing its linkages to the clauses in the remainder of the standard. Audit those other areas well and you are in effect auditing clause 4.1. See my comments below each of the of the requirements of clause 4.1.

    The organization shall establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.

    Clause 4.1 covers the requirement for your organization to set up a quality management system and broadly defines the associated activities. These activities are described in greater detail in the remainder of the standard. And, when you audit these other clauses, you are in essence auditing clause 4.1. To meet those requirements, you need to ensure that the activities described in 4.1 a) to f) below have been included in the quality management system.

    The organization shall a) identify the processes needed for the quality management system and their application throughout the organization (see 1.2),

    These are some of the issues an auditor should Which clauses are to be identified? The NOTE for clause 4.1 states the processes to be included are those for management activities (clause 5), provision of resources (clause 6), product realization (clause 7), and measurement (clause 8). The reference in 4.1.a to clause 1.2, Application, is to convey that all ISO 9001 requirements are intended for application, unless some can’t be applied due to the nature of the organization or its product. However, those exclusions are limited to the clause 7 requirements and must not affect your ability or responsibility to provide product that meets customer and legal requirements.

    How might the processes be identified? The key processes mentioned in the standard will be identified in the Quality Manual. Others may be addressed in documented plans, procedures, and work instructions. Some may be defined, but not documented. For example, there is a requirement to determine the methods to obtain and use customer satisfaction data. These methods may not be documented, but evidence must be available to prove their existence and conformity to clause 8.2.1.

    b) determine the sequence and interaction of these processes,

    Since clause 4.2.2.c requires the Quality Manual to describe the interaction between the processes of the quality management system, you assess conformity to 4.1.b by assessing the documented process sequence and interaction contained in the Quality Manual. That description could be conveyed in text, in a process interaction table, or in a process map (flow chart).

    c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective,

    When we ask about methods of operation and the controls in place to ensure desired results are obtained, we could be talking about any process. So, when we pose these questions for the order entry (7.2), product design (7.3), production (7.5), purchasing (7.4), or training (6.2) process, we are in effect auditing clause 4.1.c. And, just like we test the conformity of a product by comparing its characteristics to the acceptance criteria, the effectiveness of a process is evaluated by comparing its results to the process requirements (criteria).

    d) ensure the availability of resources and information necessary to support the operation and monitoring of these processes,

    When you assess conformity to clause 6.1, Provision of Resources, you are also auditing clause 4.1.d. Clause 6.1 requires your organization to determine and provide the necessary resources to implement and maintain the quality management system, as well as, continually improve its effectiveness. What resources should be considered? Equipment, facilities, people, supporting services, work environment, suppliers, information, natural resources, and finances. You want to know if resources are being identified, planned, made available, used, monitored, and changed as necessary. Also, see if process performance is being analyzed to determine the appropriate allocation of resources.

    e) monitor, measure, and analyze these processes, and

    Clause 8.1 requires that processes be planned and implemented for monitoring, measurement, analysis, and improvement of the quality management system. When you audit clause 8.1, clause 8.2 (Monitoring and Measurement), and clause 8.4 (Analysis of Data), you are in effect auditing clause 4.1.e.

    f) implement actions necessary to achieve planned results and continual improvement of these processes.

    Clause 8.2.3 requires suitable methods be applied to monitor, and where applicable, measure your processes. It states these methods must demonstrate the ability of the processes to achieve planned results. If the planned results are not achieved, then correction and corrective action must be taken, as appropriate, to ensure conformity of the product. When you audit clause 8.2.3, you are also auditing clause 4.1.f. Clause 8.5.1 requires your organization to continually improve the effectiveness (results) of the quality management system, which consists of interrelated processes. Therefore, when you audit clause 8.5.1, you are also auditing clause 4.1.f.

    These processes shall be managed by the organization in accordance with the requirements of this International Standard.

    This simply means there are process-related requirements stated elsewhere in the standard and the organization must manage the processes in accordance with those requirements. When you audit the process-related requirements in the other clauses, you also auditing this clause 4.1 requirement.

    Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such outsourced processes shall be identified within the quality management system.

    When you outsource (subcontract) any process that affects the quality of your product, you need to decide how you are going to control that process. If you outsource any process, you are still responsible for ensuring that the outsourced process provides what your customer contracted you to do.

    For example, if you are the main supplier on a project, but the design is carried out by another supplier, you have to decide how you will ensure that the developed design will meet the specification provided by you (or your customer). Other examples of outsourcing include processes such as heat treatment, cleaning, galvanizing, painting, information technology, and general maintenance. How do you control the outsourcing of processes? By applying the controls required by clause 7.4.1, Purchasing Process.

    PPAP Manual Available as E-Document

    The Production Part Approval Process (PPAP) Fourth Edition Manual offered by AIAG is now available as an e-document.

    The purpose of PPAP is to determine if all customer engineering design record and specification requirements are properly understood by the supplier, as well as, that the process has the potential to produce product consistently meeting these requirements during an actual production run at the quoted production rate.

    The customer-specific requirements for use with the 4th Edition of the PPAP Manual can be viewed at these IAOB web pages:

    Daimler Chrysler
    General Motors
    Ford Motor

    The PPAP e-document is available in single user and site license subscriptions. A single-user version allows you to save a copy of the document to one specific computer. A site license subscription allows you to save the file to your network so the file can be accessed by multiple employees.

    Why Process Owners?

    A Process Owner is a person who is given the responsibility and authority for managing a particular process. Most organizations find it useful to appoint individual process owners and define their responsibilities as ensuring the implementation, maintenance, and improvement of their specific process and its interactions with other processes.

    Process owners take an organization-wide view of their processes. They may not truly “own” the process in that some of the people who are involved in carrying out the process may not report to them. Instead, the owner is responsible for the design of the process, in other words, how it is carried out, how it interacts with other processes, and how it is measured. And, this responsibility is an ongoing task.

    Process owners have responsibility for their specific process, end-to-end. However, as stated earlier, this does not mean that all the staff involved in a process actually report to the process owner. Process owners usually have responsibility for most steps in the process and are able to influence other key areas outside their direct organizational control.

    Process owners should ensure the following activities are completed:

    • Define a process that can be easily subjected to audit
    • Describe its links and interactions with other processes
    • Identify its documentation and training requirements
    • Issue and maintain any procedures and instructions
    • Make available necessary resources and information
    • Operate and control an effective and efficient process
    • Resolve any problems and prevent their recurrence
    • Analyze performance data and set quality objectives
    • Identify risks and opportunities with current process
    • Investigate and propose process improvements

    In summary, a Process Owner is the person immediately accountable for creating, sustaining, and improving a particular process, as well as, being responsible for the outcomes of the process.

    Critical Components of Continuous Improvement

    Many companies which choose not to utilize Lean and Six Sigma as key components of how they implement change in their organization say it is because the methodologies are too complicated for their business environment. Unfortunately, most of these companies are not actually meeting customer demands because they do not know their customers as well as they could. They need an organized approach to making change happen in order to enhance the customer experience and positively impact the company’s profitability.

    All practitioners of Six Sigma – even those new to the methodology – are aware of the basic DMAIC roadmap. DMAIC is a process as a critical component of continuous improvement and quality initiatives.

    Define is the documentation of the opportunity from both a business and customer perspective.
    Measure is the way data is utilized to understand the process and its current performance.
    Analyze is the search for key factors or the critical data that has the biggest impact on the process performance and helps determine the root causes of problems.
    Improvement is the development of solutions for those critical data points that eliminate or mitigate the root causes of problems.
    Control is implementing solutions and a control plan for maintaining the improvements.

    The components of DMAIC provide a proven method for continuous improvement and are not meant to be rigid or used exactly the same way each time. There are many tools and deliverables that fall under the umbrella of DMAIC, and not every one of them is used in every single project.

    A core tool and principle of DMAIC continuous improvement is understanding how the customer aligns to internal processes and how they provide value to the customer. Simply stated, a SIPOC diagram is the simplest process view of how a company goes about satisfying a customer requirement:

    • Supplier: Roles within the organization that support the customer experience
    • Input: The information used to execute the customer request
    • Process: The value-added steps to perform the work required
    • Output: The product, service or information sent to the customer
    • Customer: The fulfillment of the customer need

    A SIPOC is a basic visualization of a customer process in an organization. Next month we will continue this topic and define further tools and differences between continuous improvement (what you may be doing) and breakthrough improvement (what you should be doing) with Six Sigma and Lean techniques.

    Courses and Schedule

    All courses are delivered at your company or at our training centers. Students are awarded Continuing Education Units.

    Don’t see a course, location, or date that fits your needs?

    Contact Us

    Quick Links

    Comments are closed.