These changes are categorised under the clause numbers of the standard
4 Quality management system
Outsourcing of processes remains an integral part of the new standard. The clause now has an emphasis on the processes complying with both legal and customer requirements. As previously, it remains an organization’s responsibility to ensure all the necessary processes are in place to meet regulatory, mandatory and customer requirements. The clause now better defines the responsibilities of the organization to assist in determining the impacts or problems that may occur between the organisation and the supplier, and to ensure they are effectively managed.
4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.
The organization shall:
a) determine the processes needed for the quality management system and their application throughout the organization (see 1.2)
b) determine the sequence and interaction of these processes,
c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
d) ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
e) monitor, measure where applicable, and analyse these processes, and
f) implement actions necessary to achieve planned results and continual improvement of these processes.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.
NOTE 1 Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization, measurement, analysis and improvement.
NOTE 2 An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party,
NOTE 3 Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as
a) the potential impact of the outsourced process on the organization's capability to provide product that conforms to requirements,
b) the degree to which the control for the process is shared,
c) the capability of achieving the necessary control through the application of 7.4.
4.2.1
There is now clarification that single documents may contain one or more procedures and the documented procedures can be covered by one or more documents.
4.2.1 General
The quality management system documentation shall include:
a) documented statements of a quality policy and quality objectives,
b) a quality manual,
c) documented procedures and records required by this International Standard, and
d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
NOTE 1 Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.
NOTE 2 The extent of the quality management system documentation can differ from one organization to another due to
a) the size of organization and type of activities,
b) the complexity of processes and their interactions, and
c) the competence of personnel.
NOTE 3 The documentation can be in any form or type of medium.
4.2.3 (f)
The standard now requires an organization to determine the extent of the external documentation that requires controlling in order to maintain and operate the quality management system.
4.2.3 Control of documents
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in
A documented procedure shall be established to define the controls needed:
a) to approve documents for adequacy prior to issue,
b) to review and update as necessary and re-approve documents,
c) to ensure that changes and the current revision status of documents are identified,
d) to ensure that relevant versions of applicable documents are available at points of use,
e) to ensure that documents remain legible and readily identifiable,
f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
5.5.2
The standard determines that the member of management must be a member of the organization’s management team and not an external member of management.
5.5.2 Management representative
Top management shall appoint a member of the organization's management who, irrespective of other responsibilities, shall have responsibility and authority that includes:
a) ensuring that processes needed for the quality management system are established, implemented and maintained,
b) reporting to top management on the performance of the quality management system and any need for improvement, and
c) ensuring the promotion of awareness of customer requirements throughout the organization.
NOTE The responsibility of a management representative can include liaison with external parties on matters relating to the quality management system.
6.2.1
Competence remains a key issue, with the competence of personnel affecting the performance of conformity to product requirements, directly or indirectly, being controlled by the organization.
6.2 Human resources
6.2.1 General
Personnel performing work affecting conformity to product requirements shall be competent on the basis of appropriate education, training, skills and experience.
NOTE Conformity to product requirements can be affected directly or indirectly by personnel performing any task within the quality management system.
6.3 (c)
‘Information systems’ has been included within the example brackets, to ensure product release.
6.3 Infrastructure
The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable,
a) buildings, workspace and associated utilities,
b) process equipment (both hardware and software), and
c) supporting services (such as transport, communication or information systems).
6.4
The definition of work environment has been better defined in a note, to include physical, environments and other factors such as weather, lighting, sound and temperature to ensure conditions under which work is performed meet requirements.
6.4 Work environment
The organization shall determine and manage the work environment needed to achieve conformity to product requirements.
NOTE The term “work environment” relates to those conditions under which work is performed including physical, environmental and other factors (such as noise, temperature, humidity, lighting or weather).
7.2.1 (a)
A note has been included giving examples of post-delivery.
7.2.1 Determination of requirements related to the product
The organization shall determine:
a) requirements specified by the customer, including the requirements for delivery and post-delivery activities,
b) requirements not stated by the customer but necessary for specified or intended use, where known,
c) statutory and regulatory requirements applicable to the product, and
d) any additional requirements considered necessary by the organization.
NOTE Post-delivery activities include, for example, actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
7.3.1
A note has been included to expand on the definition of this clause.
7.3.1 Design and development planning
The organization shall plan and control the design and development of product. During the design and development planning, the organization shall determine:
a) the design and development stages,
b) the review, verification and validation that are appropriate to each design and development stage, and
c) the responsibilities and authorities for design and development.
The organization shall manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility.
Planning output shall be updated, as appropriate, as the design and development progresses.
NOTE Design and development review, verification and validation have distinct purposes. They can be conducted and recorded separately or in any combination, as suitable for the product and the organization.
7.3.3
An additional description has been added to identify the meaning of service provision to include details of product preservation.
7.3.3 Design and development outputs
The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release.
Design and development outputs shall:
a) meet the input requirements for design and development,
b) provide appropriate information for purchasing, production and service provision,
c) contain or reference product acceptance criteria, and
d) specify the characteristics of the product that are essential for its safe and proper use.
NOTE Information for production and service provision can include details for the preservation of product.
7.6
Additional guidance regarding the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.
7.6 Control of monitoring and measuring equipment
The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring equipment needed to provide evidence of conformity of product to determined requirements.
The organization shall establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements.
Where necessary to ensure valid results, measuring equipment shall:
a) be calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded (see 4.2.4);
b) be adjusted or re-adjusted as necessary;
c) have identification in order to determine its calibration status;
d) be safeguarded from adjustments that would invalidate the measurement result;
e) be protected from damage and deterioration during handling, maintenance and storage.
In addition, the organization shall assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. The organization shall take appropriate action on the equipment and any product affected. Records of the results of calibration and verification shall be maintained (see 4.2.4).
When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application shall be confirmed. This shall be undertaken prior to initial use and reconfirmed as necessary.
NOTE Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.
8.2.1
Additional note added giving examples of the different methods on measuring and monitoring customer satisfaction through data analysis, surveys, claims, warranties, dealer reports.
8.2.1 Customer satisfaction
As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined.
NOTE Monitoring customer perception can include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims and dealer reports.
8.2.2
The requirement for internal audit records to be maintained has been made clearer.
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system:
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.
An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
A documented procedure shall be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results.
Records of the audits and their results shall be maintained (see 4.2.4).
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results (see 8.5.2). NOTE See ISO 19011 for guidance.
8.2.3
Additional note advising that organizations need to consider the type and extent of monitoring and measuring for each process in relation to the impact on the conformity for product requirements and its effectiveness within QMS.
8.2.3 Monitoring and measurement of processes
The organization shall apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes. These methods shall demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate.
NOTE When determining suitable methods, it is advisable that the organization consider the type and extent of monitoring or measurement appropriate to each of its processes in relation to their impact on the conformity to product requirements and on the effectiveness of the quality management system.
8.2.4
There is clarification in releasing products to the customer and records of who authorises to sign off the product for delivery.
8.2.4 Monitoring and measurement of product
The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements (see 7.1).
Evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing release of product for delivery to the customer (see 4.2.4).
The release of product and delivery of service to the customer shall not proceed until the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer.
8.3 Control of nonconforming product
The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. A documented procedure shall be established to define the controls and related responsibilities and authorities for dealing with nonconforming product.
Where applicable, the organization shall deal with nonconforming product by one or more of the following ways:
a) by taking action to eliminate the detected nonconformity;
b) by authorizing its use, release or acceptance under concession by a relevant authority and, where
applicable, by the customer;
c) by taking action to preclude its original intended use or application;
d) by taking action appropriate to the effects, or potential effects, of the nonconformity when nonconforming product is detected after delivery or use has started.
When nonconforming product is corrected it shall be subject to re-verification to demonstrate conformity to the requirements.
Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained (see 4.2.4).
8.4 Analysis of data
The organization shall determine, collect and analyse appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made. This shall include data generated as a result of monitoring and measurement and from other relevant sources.
The analysis of data shall provide information relating to:
a) customer satisfaction (see 8.2.1),
b) conformity to product requirements (see 8.2.4),
c) characteristics and trends of processes and products, including opportunities for preventive action (see 8.2.3 and 8.2.4), and
d) suppliers (see 7.4).
8.5 Improvement
8.5.1 Continual improvement
The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.
8.5.2 Corrective action
The organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
A documented procedure shall be established to define requirements for
a) reviewing nonconformities (including customer complaints),
b) determining the causes of nonconformities,
c) evaluating the need for action to ensure that nonconformities do not recur,
d) determining and implementing action needed,
e) records of the results of action taken (see 4.2.4), and
f) reviewing the effectiveness of the corrective action taken.
8.5.3 Preventive action
The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.
A documented procedure shall be established to define requirements for:
a) determining potential nonconformities and their causes,
b) evaluating the need for action to prevent occurrence of nonconformities,
c) determining and implementing action needed,
d) records of results of action taken (see 4.2.4), and
e) reviewing the effectiveness of the preventive action taken.
Thursday, March 10, 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment