Authors Posts by ISOUpdate.com

ISOUpdate.com

185 POSTS 23 COMMENTS
ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -
Become a Third Party Auditor - ISOUpdate.com

An accreditation body (AB) is an organization that provides accreditation services, which is a formal, third party recognition of competence to perform specific tasks. In other words, it means that organizations seeking accreditation can demonstrate to their customers that they have been successful at meeting the requirements of international accreditation standards.

In the last few decades many specified standards have been developed, and with them the number of organizations that check conformity and compliance with these standards has grown. These organizations provide services such as testing, inspection, calibration and certification and they may be laboratories, inspection bodies, certification bodies or other types of organizations. Anything or anyone can be evaluated (products, equipment, people, management systems or organizations) and the role of an accreditation body is to assess the technical competence and integrity of the organizations offering these kinds of evaluation services by:

  • Ensuring that certification bodies, inspection agencies, calibration/testing laboratories and other conformity assessment bodies meet established standards that will enable them to provide a service in an objective and independent manner.
  • Ensuring compliance with codes of ethics/conduct when providing assessment services.
  • Examining the competence of the organization’s staff.
  • Verifying the scope of an organization’s services. There are many sector specific standards and because not all organizations perform the same work or have similar capabilities, accreditation bodies can help identify and qualify those that are competent to perform a defined scope of work.

Regarding the quality of products and services, accreditation bodies play an important role because many are motivated to define and measure quality in a particular field. In their vision and mission statements, most accreditation bodies include quality improvement in their respective field. This helps keep accredited programs constantly focused on quality improvement as one of their own measures of success.

When an organization has been accredited by an accreditation body it means that they have been assessed against internationally recognized standards to demonstrate their competence, impartiality and performance capability. This serves as a means to identify a proven, competent evaluator so that the selection of a laboratory, inspection or certification body is an informed choice.  Most accreditation bodies provide a list of the organizations they have accredited, facilitating the search of these accredited organizations.

 

by -
Quality Control and Quality Assurance
Quality Control and Quality Assurance are both players of the same team and it is not possible to guarantee customer satisfaction if either one is missing.

Since the first publication of ISO 9001 in 1987, over one million organizations around the world have been certified to it. Today, the number of organizations deciding to use ISO 9001 as their guide to implement or improve a quality management system continues to grow. The reasons for implementing and seeking certification differ from company to company. Some make this decision hoping to improve customer satisfaction, gain new customers, improve process efficiency, meet legal or customer’s requirements or simply to become more competitive in their market.

Regardless of the reasons, deciding to embark an organization in the implementation and certification process needs to be carefully planned, as it involves a significant amount of effort regarding time and money. Therefore, the initial question that leaders seek to answer is if all that effort will be worth it?

There are many opinions for and against ISO 9001 certification, and even though surveys have shown that there are organizations that have reported no benefits at all after their certification, most organizations acknowledge numerous benefits after obtaining certification.

Surveys have shown that many organizations have perceived external benefits after their organization has been certified. Some of these are:

  • Improved perceived quality
  • Improved customer satisfaction
  • Competitive advantage
  • Reduced customer audits
  • Increased market share
  • Quicker time to market

Additional to these external benefits, organizations have also reported the following internal benefits:

  • Greater quality awareness and better documentation
  • Increased efficiency
  • Positive cultural change
  • Improved financial performance
  • Improved employee morale

Another study published by the International Organization for Standardization (ISO) in 2002, compared the performance of similar certified and non-certified organizations over a 10 year period. The results of the study showed that the certified organizations improved their relative performance substantially, compared to the non-certified ones. The study concluded that organizations that did not seek certification experienced substantial deteriorations in their performance, while organizations that obtained certification generally managed to avoid such declines.

Most of the information available suggests that ISO 9001 is worth the investment if it is perceived as a valuable tool that organizations can use to improve their processes, meet their customer’s requirements and continuously improve their quality performance. If an organization gets certified and shortly forgets about maintaining and improving their processes, it is likely that their initial investment will not pay off, and ISO 9001 certification will end up being a waste of time and money.

ISO 9001 will be a positive and well perceived investment if it is planned, implemented and maintained correctly. There are information and tools available for organizations to make the best of the most widely used standard in the world.

by -

The ISO 9000 family of standards is the most extensively used standards worldwide. They address various aspects of quality management and provide organizations with guidance and tools to ensure that their products and services consistently meet customer’s requirements, and that quality is consistently improved.

The best known standard of the ISO 9000 family is ISO 9001:2008, Quality management systems- Requirements, which establishes the criteria for a quality management system (QMS) and is the only standard in the family that can be certified to. ISO 9001 certification is not a requirement; however, organizations of all kinds and sizes all around the world decide to seek certification for a variety of reasons. These include to ensure clients, customers and stakeholders that they can provide quality products and services that continuously meet their expectations, improve the image of their product or services, increase their competitiveness and also because, nowadays, it is essential in order to do business in many industry sectors.

ISO 9001 has been around for over 20 years, and since its release, over one million organizations have been certified and many more have used it as a guide to establish and improve their QMS.

As stated in the 2013 edition of the ISO Survey, by the end of 2013, “at least 1,129,446 certificates had been issued in 187 countries and economies”.

In recent years, China has shown a rapid growth of the number of certificates issued there, placing it as the number one country with more ISO 9001 certifications (over 290.000 certifications). China is followed by Italy and Germany for being, respectively, the second and third country with most certificates.

Trends show that in the years to come, many more organizations will become ISO 9001 certified. It is expected that, with the upcoming revision of the standard (ISO 9001:2015), organizations will find that implementing and certifying to ISO 9001 will support them in overcoming the many challenges faced by businesses today.

by -
Measuring Supplier Performance

Implementing and seeking certification for ISO 9001 is an important decision many organizations make to improve their quality management system (QMS) and increase their competitiveness within their market. After the decision is made, one of the first concerns is: how long will this process take? Will it take three months? six months? a year maybe? or two years?

This question does not have a definite answer, implementing and seeking certification for ISO 9001 requires time, money and effort and the overall time spent will depend on several factors:

  • The size and complexity of the organization.
    Is it a small or medium-sized organization? Is it a single site organization or a multinational? Does the organization have complex processes such as design, manufacture, installation, test, etc.?
  • The maturity of the quality system that is in use.
    Does the organization have a well developed and structured QMS? Does it have a simple one with deficiencies?.
  • The resources available (money and time).
    Does the organization have a team dedicated exclusively on the implementation of ISO 9001? Do employees have only a couple of hours a week to dedicate to this project? Will the organization be able to hire a consultant to guide them through all the process?

The major time consuming activities organizations need to consider when implementing ISO 9001 are:

  • Understanding ISO 9001. Time will need to be spent in studying and training the people responsible for the implementation.
  • Conducting a gap analysis. This analysis will allow organizations to identify exactly what needs to be done to meet ISO 9001 requirements.
  • Getting busy with the documentation. A number of documents (policy, manual, procedures and forms) need to be developed.
  • Implementation and training. Employees need to know and understand key ISO 9001 requirements, and their work needs to be aligned with what is required.
  • Preparing and conducting an internal audit. At least one internal audit needs to take place before the certification audit.
  • Correcting non-conformities. Audit findings need to be addresses with an action plan to permanently correct them.
  • Selecting the certification body (CB). A registrar or CB needs to be selected to undertake the audit certification.
  • The certification audit. After all the hard work, a certification audit is scheduled with the CB and if the audit is a success, the organization is certified.

Carrying through all these activities can take an organization from 9 to 18 months; however, it will all depend on the organization and its specific situation.

It is recommended that organizations take the time needed to effectively implement ISO 9001; a well established and implemented QMS will provide organizations with a valuable tool to improve their quality performance and continuously meet their client’s expectations.

 

by -
Difference Between Stage 1 & Stage 2 Audits - ISOUpdate.com

Organizations that have successfully implemented a management system may choose to seek certification by an independent third party audit from a registrar/certification body (CB). Certification can serve as a valuable tool to add credibility and to demonstrate to clients, customers and other stakeholders, that an organization’s management system meets the requirements of a given standard; thus, finding the right registrar is an important decision to be made.

When choosing a registrar, organizations should consider the following:

Accredited or non-accredited.

Organizations should decide if they will contract an accredited registrar or a non-accredited one. Accreditation means that an independent, objective body (an accreditation body) recognizes that an organization is qualified to provide specific services.  Accreditation is not an obligation, and non-accreditation does not necessarily mean that an organization is not reputable; however, accreditation provides confirmation of competence by an independent body.

If an organization is seeking certification as a regulatory or industry requirement, it is important to ensure if they are required to be certified by an accredited registrar; some clients and customers require their suppliers to do so. Organizations should ask the accreditation bodies in their countries for a lists of the registrar they have accredited.

Relevant experience and sector expertise.

There are many standards that an organization can be certified to (ISO 9001, ISO 14001, OHSAS 18001, ISO 22000, ISO 13485, AS9100, TS 16949, ISO/IEC 27001, ISO/IEC 50001, etc.) and when choosing a registrar, organizations should verify the registrar’s experience in the relevant standard.

Also, it is important that the registrar has experience in the organization’s industry sector. Organizations need to ensure that the auditors know and understand the processes involved in their operations.

The cost is important, but…

Cost is an important factor for all organizations; however, not always the most inexpensive registrar is the most appropriate. It is possible that a certificate issued by a low-cost registrar, will not be recognized by clients, customers and other stakeholders. Therefore, even though the cost needs to be considered, it should not be the determining factor for the selection of the registrar.

Meet them before choosing them

Organizations should evaluate several registrar and schedule a meeting with them before making their final choice. This will allow them to “sense” if a good working relationship will be possible to establish. After the certification audit, the registrar auditors will visit the organization once or twice a year if they consider it necessary to maintain certification, so an active and reliable relationship will need to be developed between the two.

Choosing a registrar should not be a decision taken lightly. A good selection process will ensure the credibility and value of the certificate issued, which will ultimately provide a valuable asset to the certified organization.

Measuring Supplier Performance

The new ISO 9001:2015 is currently at the Final Draft International Stage (FDIS), the fifth stage of a six stage process, and the final revision is expected to be published by September 2015. There are a lot of expectations regarding the release of the new standard and many are wondering what the differences will be between ISO 9001:2008 and ISO 9001:2015.

The recently published draft of the standard (DIS) has shown what the main differences are about; even though both standards cover essentially the same topics, there are some important changes. Some of these are:

  1. The most notorious difference between the standards is its structure. ISO 9001:2008 had five main sections and ISO 9001:2015 has seven. The new ISO 9001:2015 aligns with high-level organizational structure established on the ISO Guide 83 (“Annex SL”), requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. Such structure is as follow:
    • Scope
    • Normative References
    • Terms and Definitions
    • Context of the Organization
    • Leadership
    • Planning
    • Support
    • Operation
    • Performance Evaluation
    • Improvement
  2. The new standard puts a greater emphasis on the “context of the organization”. Unlike ISO 9001:2008, the new standard will require organizations to consider the external and internal issues that may influence their quality management system (QMS) and they will need to determine how these will be addressed.
  3. With the new ISO 9001:2015, organizations will be required to take a risk-based approach to identify and address the risks that can jeopardize their ability to meet customer and regulatory requirements. In ISO 9001:2008, even though a risk-based approach is not explicit, the standard implicitly guides organizations in managing their risk.
  4. The new standard has eliminated the distinction between documents and records by referring only to “Documented information”. There also will be general requirements for documentation, with no reference to documented quality manual, documented procedures or to quality records.
  5. The specific requirements for preventive action present in ISO 9001:2008 have been removed in the new standard. This decision was motivated by the perspective that prevention is the task of the QMS in its entirety.
  6. Some concepts have been replaced in the new standard, such as the term “product” is replaced by “goods & services” and “continual” by “continual improvement.”“Purchasing” and “outsourcing” will be replaced by “external provision of goods and services”.
  7. The new standard also eliminates any reference to a “Management Representative”. Instead, management duties and responsibilities can now be assigned directly to top management (to one person in particular or to many).

These are the main differences between the two standards which are based on the DIS version of ISO 9001:2015. There are still comments from over 90 countries that will be taken into account and it is yet to see which of these changes will be maintained in the final official version.

by -
As any other manager, role of the Management Representative is that of planning, organizing, monitoring, evaluating, and reporting.
As any other manager, role of the Management Representative is that of planning, organizing, monitoring, evaluating, and reporting.

Corrective Action is a reactive process; something needs to have gone wrong in order for an organization to take actions to solve the problem or non-conformity. Depending on the way they are approached, non-conformities can be corrected and its recurrence prevented.

Organizations with well-established management systems can find that problems/non-conformities, in their processes, products or services, recur, in spite of all the efforts (time, work and money) spent to eliminate them. In order to ensure that a problem is fixed immediately and in the long-term, an effective corrective action process needs to be established. Here are some characteristics of what makes an excellent corrective action process:



Problems are identified. Problems can occur in processes, in the workplace, in a product or service provided, or in the management system itself. Some of these problems are easier to identify than others; that’s why organizations need to establish ways to identify them through:

  • Workplace and process inspections.
  • Testing, inspecting, and monitoring of equipment.
  • Reviewing interested party’s communications.
  • Audits.
  • Hazard reporting.
  • Investigating complaints, incidents and accidents.
  • Reviewing system failures.
  • Reviewing regulatory requirements.

Problems are temporarily fixed or contained. Most problems need a quick reaction. For that reason, the owner of the task or process needs to be located and informed immediately in order to take the necessary actions to solve the problem temporarily.

The problem’s root cause is found. This is the most important characteristic of an effective corrective action process. If an organization is unable to determine the root cause of a problem/non-conformity, it is condemned to face the same problem over and over, which can be exhausting and discouraging to everyone involved in the process.

There are numerous techniques to determine the root cause of a problem. An organization needs to make sure their employees have the time, resources and the required skills to investigate and draw the right conclusions from these investigations.

A long lasting solution is put in place. After identifying the root cause, an appropriate solution that will prevent the problem from happening again must be proposed. These actions need to be put in place. It’s useless to go through all the work of understanding the problem and identifying its root cause, if the actions to solve it, will not be taken.

Permanent changes are verified. After an appropriate period of time, a person needs to be assigned to verify if the actions were successful in preventing recurrence. It’s recommended that this person is someone that was not involved in the previous steps of this process, to ensure is impartiality.

Corrective actions are recorded. It’s essential to report all the details of the corrective actions: problem found, immediate actions taken, root cause, corrective actions, and verification.

If an organization learns to solve their problems by applying an effective corrective action process, they will ultimately improve their processes, their management system and their business.



by -
Many organizations find themselves in the ethical obligation to improve their occupational health and safety performance.
Many organizations find themselves in the ethical obligation to improve their occupational health and safety performance.

OHSAS 18001 is an internationally applied British Standard for occupational health and safety management systems (OHSMS). This standard establishes requirements for an organization to control its work-related health and safety hazards and improve their performance, by planning, documenting and implementing a verifiable method for reducing and eliminating hazards in the workplace. The benefits of OHSAS 18001 can help your organization improve health and safety. 

Managing occupational health and safety in the workplace brings numerous benefits to all kinds and sizes of organizations. Some of these are:

It guides organizations in their pursue of “zero accidents”.

  • OHSAS 18001 provides a system to identify and effectively manage occupational health and safety hazards in order to minimize health and safety risk.
  • It provides tools and techniques to identify potential causes of accidents and helps organizations improve employee awareness of risks.
  • Incident and accident rates are reduced as a consequence of better control of work-related risks and an improved performance monitoring.
  • Improves the incident investigation process.

Ensures organizations comply with legal requirements.

  • In order for organizations to establish and maintain their OHSMS, they must take into account applicable legal requirements.
  • Ensures organizations commit to comply and communicate all relevant legal information to employees and interested parties.

Improves an organization’s image.

  • OHSAS 18001 drives organizations to set occupational health and safety as a priority, ensuring that appropriate measures are taken to protect staff, employees and everyone associated with their activities.
  • The adoption of international best practice in relation to risk management can improve an organization’s image and credibility among stakeholders, regulators, customers, prospective clients and the public in general.
  • An improved reputation can give organizations a competitive advantage by providing a safe environment to do business.

Improves the workplace environment.

  • Implementing this standard will show employees that an organization is committed to keeping them safe, therefore improving employee motivation, retention and satisfaction.
  • OHSAS 18001 can help organizations put in place clear procedures to decrease absenteeism.
  • Improvement of communication and training will bring greater involvement and commitment from everyone.

Helps organizations save money.

  • Implementing OHSAS 18001 reduces the likelihood of fines and prosecutions.
  • By reducing accident and incident rates and work-related illnesses, it also reduces all the costs associated with them (costly medical claims, lost working days, time and money spent on investigation and paperwork).
  • This standard is recognized by insurers which can bring a decrease in insurance premiums.

Another benefit of OHSAS 18001 is that the standard can be adopted by any organization, regardless of its size or nature, whether it’s a high risk or low risk businesses in the private or public sector.

This standard is compatible with ISO 9001 and ISO 14001 management systems standards, making it easy to integrate it with existing management systems, thus contributing to the improvement of an organization’s overall business performances.

 

Since the 1960s, HACCP has been recognized internationally as a logical tool for adapting traditional inspection methods to a modern, science-based, food safety system.
Since the 1960s, HACCP has been recognized internationally as a logical tool for adapting traditional inspection methods to a modern, science-based, food safety system.

ISO 14001 is under review. After its original publication in 1996, this is the first time it’s going through major changes. The review process is currently at the Draft International Standard (DIS) stage, the fourth stage of a six stage process, and  the final revised ISO 14001:2015 is due to be published by the end of 2015. Some of the main changes ISO 14001:2004 is undergoing are:

  1. The first change to ISO 14001:2004 concerns its structure. This revision is based on the ISO Guide 83 (“Annex SL”) which defines a common high level structure, text and common terms and definitions for the next generation of management systems. This structure aims to facilitate the implementation process and the integration of several management systems in a harmonized, structured and efficient manner. Such structure is as follow:
    1. Scope
    2. Normative References
    3. Terms and Definitions
    4. Context of the Organization
    5. Leadership
    6. Planning
    7. Support
    8. Operation
    9. Performance Evaluation
    10. Improvement
  2. New concepts have been added, such as “supply chain”, “value chain” and “product life cycle” and existing definitions have been modified to give a different emphasis and to improve clarity.
  3. Two new clauses have been introduced which focuses on an organization’s context. These require organizations to determine the issues and requirements that can influence the scope of its EMS and take them into account.
  4. There’s a greater emphasis on top management, requiring them to take the lead in integrating the environmental management practices into their organization’s core strategies, processes, and priorities.
  5. Regarding environmental policy, organization should be committed to protecting the environment rather than just preventing its pollution, as stated in ISO 14001:2004.
  6. A greater emphasis is placed on an organization determining its own risk profile.
  7. Organizations are required to control or influence processes and services associated with significant environmental aspects, organizational risks, lifecycle and emergency preparedness.
  8. There is a greater focus on environmental performance improvement across the value chain.
  9. The DIS does not include specific requirements for preventive action. The new standard no longer thinks of preventive measures as a separate topic, but rather as a central component of all environmental-related activities.
  10. Environmental objectives have been given a separate sub-clause with the “planning actions to achieve environmental objectives.”
  11. The terms “document” and “record” have both been replaced throughout the DIS with the term “documented information”. The DIS states that documented information must be maintained to the extent necessary to have confidence that the processes have been carried out as planned.

It is important to mention that this standard is still under review, and there is still to see which changes will make it to the final revision. However, it’s clear that the overall goal of ISO 14001:2015 is to respond to the latest environmental trends, help organizations improve their environmental performance and prepare them for future environmental challenges.

 

The quality management system (QMS) standard ISO 9001:2008 is currently under review. Like all ISO standards, which go through a revision every 5 years, ISO 9001 is being updated to reflect new technological advancements in the workplace and a to give a higher focus on the quality of outputs to customers.

The review process is currently at the Final Draft International Stage (FDIS), the fifth stage of a six stage process and  the final revised ISO 9001:2015 is due to be published by September 2015. Some of the upcoming changes to ISO 9001:2008 are:

  1. The new ISO 9001 standard aligns with high-level organizational structure established on the ISO Guide 83 (“Annex SL”), requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. This structure aims to facilitate the implementation process and the integration of several management systems in a harmonized, structured and efficient manner. Such structure is as follow:
    1. Scope
    2. Normative References
    3. Terms and Definitions
    4. Context of the Organization
    5. Leadership
    6. Planning
    7. Support
    8. Operation
    9. Performance Evaluation
    10. Improvement
  2. Some concepts are replaced, such as the term “product” is replaced by “goods & services” and “continual” by “continual improvement.” “Purchasing” and “outsourcing” will be replaced by “external provision of goods and services”
  3. The new standard puts a greater emphasis on the “context of the organization” which implies a broader measurement, planning and implementation view.
  4. The new standard will take a risk-based approach to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services. The proposed standard addresses risks which can affect conformity of goods and services as well as customer satisfaction.
  5. Senior management will be required to take a more active involvement in the quality management system.
  6. There will be general requirements for documentation, with no reference to documented quality manual, documented procedures or to quality records. The DIS refers to “Documented Information.”
  7. The need for exclusions may not be considered to be necessary in the new version of the standard but feedback on this is being sought as part of the revision process.

Regardless of the upcoming changes, ISO 9001 will continue to be a generic standard, relevant to all sizes and types of organizations in any sector and it will continue to deliver “confidence in the organization’s ability to consistently provide product or services that meets customer and applicable statutory and regulatory requirements”.