How to best document your management system

Documenting QMS in businessDocumenting your ISO 9001 management system effectively is critical to ensure compliance with the standard and the ongoing success of your organization’s quality objectives. The ISO 9001:2015 standard provides flexibility in how documentation is managed but requires specific records and documented information for various processes. Below is guidance on how to best document your management system, along with relevant clauses from the ISO 9001 standard.

1. Documented Information Requirements

Clause 7.5 - Documented Information: This clause outlines the general requirements for creating, updating, and controlling documented information. It specifies that the organization must ensure that documents are appropriately identified, stored, and controlled, with proper version control and protection to prevent unintended use.

Best Practices:

Identify Required Documents: Create documents that are necessary for the effectiveness of your QMS, such as quality policies, objectives, process maps, and procedures. These documents should be clear and concise to avoid unnecessary complexity.

Version Control: Implement a system for versioning and tracking changes to documents to ensure only the most up-to-date information is used.

Accessibility: Ensure that documented information is accessible to those who need it, while maintaining security to prevent unauthorized access or alterations.

2. Documenting Processes

Clause 4.4 - Quality Management System and Its Processes: This clause requires organizations to document the processes needed for the QMS, including the inputs, outputs, sequence, and interaction of processes. You must also specify the criteria and methods used to ensure process effectiveness.

Best Practices:

Process Flow Diagrams: Use flowcharts or diagrams to clearly illustrate process flows and interactions between departments or teams. This simplifies understanding and communication of processes.

Process Mapping in ISO 9001 & IATF 16949

Process Mapping and your ISO 9001: 2015 & ISO / IATF 16949 Management System


There is considerable confusion regarding the documentation of process interactions, often referred to as Customer-Oriented Processes (COPs), Manufacturing-Oriented Processes (MOPs), and Support-Oriented Processes (SOPs), as required by ISO 9001:2015 and IATF 16949. Many companies add extra documents to meet these requirements, such as "Turtle Documents" and "Line of Sight" flow diagrams. While these documents help meet requirements, they often fail to adequately identify process interactions or support processes. Additionally, they introduce another set of documents that need to be controlled and understood by staff. However, if done correctly, process interaction diagrams can reduce documentation and increase effectiveness.

To achieve fewer procedures, it's essential to include procedural requirements within the process interaction diagrams. This means designating the Who, What, and When for the requirements in the standard. This approach allows process interaction diagrams to serve as level 2 documents, eliminating the need for additional controlled procedures. An important benefit of this approach is that process interaction diagrams are inherently more useful as training and controlled documentation for employees. They not only explain workflow but also illustrate interactions between processes, employee tasks, and departments.

A successful implementation approach we have used is starting with the 5 phases of APQP to develop these process interactions. Many companies can improve the APQP process while implementing IATF 16949.

This method can lead to other valuable insights, such as Value Stream Mapping, a key tool in lean manufacturing.


How does an organization address risks and opportunities in ISO 9001

risks to an organizationIn ISO 9001:2015, addressing risks and opportunities is a fundamental part of the quality management system (QMS), aiming to increase the effectiveness of the QMS, achieve improved results, and prevent negative effects. The standard requires an organization to integrate a risk-based thinking approach into its overall processes. Here's how an organization can address risks and opportunities according to ISO 9001:

  1. Understanding the Context: The organization needs to understand its internal and external context, including any factors that can impact its QMS objectives. This understanding helps in identifying potential risks and opportunities.

  2. Planning: Once the risks and opportunities are identified, the organization should plan actions to address these. This includes deciding how to:

    • Mitigate or eliminate the risks.
    • Enhance opportunities to achieve the intended outcomes of the QMS.
  3. Integration into the QMS Processes: The actions to address risks and opportunities are integrated into the organization's QMS processes. This integration ensures that risk-based thinking is embedded in the planning and execution of all QMS processes.

When should a company perform an internal ISO 9001 audit?

gecko auditorInsurance Icon Turned AuditorA company should perform an internal ISO 9001 audit at various stages and frequencies to ensure continuous compliance and improvement. Management Solutions Group is here to help prepare or perform your Internal Audit. Here are the general guidelines:

  1. Before External Audits: It's crucial to conduct internal audits before scheduled external or certification audits. This allows the company to identify and address any non-conformities or areas for improvement.

  2. Regularly Scheduled Intervals: Companies typically perform internal audits at least once a year. However, the frequency can be higher depending on the size of the organization, the complexity of processes, the level of changes made to the system, and past audit performance.

What is the frequency to perform an ISO 9001 internal audit?

ISO 9001 is a quality management system (QMS) standard that requires organizations to conduct internal audits at planned intervals to ensure conformity and effectiveness.

While ISO 9001 doesn't prescribe a specific frequency for internal audits, they should be performed at regular intervals that are appropriate for the organization's size, complexity, and identified risks. The timing and frequency of the audits should be defined in the organization's internal audit procedure or quality manual, based on a risk assessment.

Some organizations might perform internal audits quarterly, while others may choose to do them semi-annually or annually. It often depends on the previous audit findings, changes to processes, or concerns raised by customers or management.

What is the difference between IATF 16949 and ISO 9001?

IATF 16949 and ISO 9001 are both standards related to quality management systems, but they are designed to address different aspects and have distinct applications.


ISO 9001:


Scope: ISO 9001 is a general standard that is applicable to all industries. It outlines the criteria for a quality management system and focuses on customer satisfaction, continual improvement, and fulfillment of regulatory requirements.
Requirements: The requirements of ISO 9001 are broad and emphasize process control, customer orientation, leadership, risk management, and operational planning.
Certification: Many organizations can become ISO 9001 certified to demonstrate their commitment to quality management principles. The certification is recognized worldwide.

How to control outsourced processes in your Management System

conference with 2 peopleISO 9001:2015 clauses 8.4.1 – 8.4.3 and requires that external providers must be controlled and their performance be evaluated.   This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001 45001, and ISO 27001.  Effectively there is almost no difference between purchasing a service and outsourcing of a process.

What processes are outsourced, and how are they controlled?

Usually, outsourced processes include things like:

  • component manufacturing
  • accounting
  • maintenance
  • transportation
  • IT support
  • warehousing & distribution
  • banking & finance
  • legal
  • consultant/auditor

Internal and certification audits take into account Outsourced Processes & Products.  ISO Standard 8.4.1 covers how organizations address external outsource vendors.

SEQUENCE AND INTERACTION OF PROCESSES

Section 4.4.1 requires documentation of quality management processes and their “sequence and interaction.”

Now, what does that mean?

Processes have inputs and outputs and are managed by a series of activities. For instance, Verification of Purchased Product, 7.4.3, is a process (dinosaurs who wondered the earth during the ISO9000:1994 era refer to this as receiving inspection). This process has inputs such as supplier evaluation, prints and purchase orders. The outputs may include a receiving inspection log, tags, labels and routers. Activities usually include receiving, inspecting, documenting, identifying and staging.
Where do we start?

First, assign a team that represents all departments.

Next, draw a “sequence of processes flowchart.” This is simply a diagram of the major processes in your system from Quoting to Shipping. This is also called a “line-of-sight diagram.”

Now, diagram the activities associated with each step. Be sure to include all departments in this exercise.

What is the ISO 9001:2015 standard and what it is not.

What is in ISO 9001:2015 and what is not. Listen to Brandon Kerkstra give a brief overview in this lesson from the online ISO 9001:2015 course.

What ISO 9001:2015 DOES Include   What is NOT in ISO 9001:2015

thumbs up 3 whiteRequires an organization to have the information (documents, procedures, etc.) and records required for effective business planning and implementation

  thumbs down 3 whiteRequiring a change in your document identification system. It is your decision.
thumbs up 3 whiteFocus on Strategic thinking. Language is Context of Organization

  thumbs down 3 whiteDescribing HOW to conduct strategic planning
thumbs up 3 whiteFocus on risk based thinking to be initiated at the strategic level or Context of Organization

  thumbs down 3 whiteRequiring risk assessment, risk management, risk treatment, and use of formal risk tools
thumbs up 3 whiteIt is arranged so all ISO Management systems will be aligned=one system   thumbs down 3 whiteDivergent systems are permitted at this time
     
     
     Click play to listen to brandon
 logo  

Information

We offer a free, no obligation initial analysis as well as accomplishment Guarantees.

building bricks 35x25Copyright 2008 - 2021 Management Solutions Group, All Rights Reserved

building bricks 35x252879 Hoag NE • Grand Rapids, MI 49525
• Phone: Tap: (616) 365-9822
• Fax: (425) 799-5915

Testimonial from a Client

Impactful Training

"Besides learning the auditor skills, it [training] helped me understand the impact a quality system has on the entire company I work for"

NPA Coatings