Questions and Answers: ISO 9001

We answer lots of questions and post answers in our FAQ page. Here are
some common ones:

"What procedures are required?"

The standard requires six specific procedures, a quality manual, a quality
policy and quality objectives. It also requires documentation needed to plan,
operate and control your processes. For an effective system, most
organizations will need more than the six specified procedures.
More on this topic...

What is included in "work environment" and what do we need to

do to manage it?
You must provide the physical resources needed to fulfill customer
requirements. How does your work environment affect product quality?
Think about temperature, cleanliness, humidity, layout of equipment,
vibration, static, light, noise and any other factors that impact the product or
the ability of employees to produce conforming product.
Some work environment issues will overlap with preservation of product. For
example, temperature controls or ESD procedures. These can be covered in
another procedure, as long as they are taken care of.
More on this topic...

What is a quality plan?

A quality plan is a "document specifying the quality management system
elements and the resources to be applied in a specific case". The "case" may
be a product, project, process or even a specific contract.
The quality plan can consist of production paperwork, a formal plan, a table
of requirements, or other form of document that specifies what needs to be
done for operation, control, monitoring and measuring of the process,
project or product.

Incoming inspection: do we have to inspect everything?

This is a common question from organizations starting ISO 9001 programs,
so here is the good news: there is no requirement that you have to inspect
everything. The requirement is that you determine how you will know that
you have good parts, raw materials and services that go into making your
product.
More on this topic...
 Do I need to include all of my suppliers under my purchasing
procedure? Even things like cleaning supplies?
You are able to evaluate if purchases have an effect on quality of the product
or service. Decide for each item purchased how important they are to the
product or service, and determine what control you will need. Items that
directly influence quality will need to come from suppliers that have been
evaluated to determine that they can meet the quality requirements. Others
may be purchased based on price or delivery concerns.

Do we need to control our forms?

One of our frequently answered questions has to do with the control of
Forms. Why do forms have to be controlled, and how in the world can we
control them all? Well, forms are designed to make sure that you collect the
data that is required. Forms often are also acting as work instructions,
indicating steps and order of steps for a process, telling what data to collect
and specifying the acceptable limits for that data. If a change is made, it is
important to get that change out to everyone using the form. More on this
topic...
Implementation Questions

I want to lead my company to ISO 9001 Registration, where do I

start?
Start by getting a general idea of what the standard means, and how it will
affect your organization. Learn about ISO 9001.

I have been looking at your products, what customer feedback

have you received?
Glad you asked! We are very proud of the customer feedback from our
customers.
"We had our pre-audit on Wednesday and did very well on it. I want to
thank you for all the help in getting us to the point where we are now. We
went it alone like you had said we could and we are very happy with the
results. When we started this I was worried it would be too much to handle
because of all the documentation involved. Your ISO 9001-2008 doc's were
a godsend. By doing it without a consultant, I believe you get a lot better
understanding of the quality system."

"Thanks for a great product that has exactly met our needs. The documents
are well laid-out, easy to alter and easy to understand for general staff
requirements. Your product has significantly reduced the time and effort
required to implement ISO 9001. Everyone struggles when trying to write a
manual or procedures. I would prefer to spend my organization's quality
time and money on the continual improvement concepts of our ISO-9001
system, as opposed to belaboring the semantics of a Quality Manual". Pat,
Enerflex More feedback...
Technical Questions

If our company does a corrective action, and it prevents the

problem from recurring, is this considered preventive action?
No, your corrective action is taken to prevent reoccurrence of the problem; it
is part of the corrective action process. In order to be considered preventive
action you must be preventing a problem from occurring in the first place.
One good place to determine preventive action is during management
review, when you review data from the QMS. You can look at that data to
see what problems might occur in the future, and take action to prevent
them from occurring. You might also find opportunities for preventive action
by reviewing corrective actions to see if the information shows you other
problems that might occur, and take action to prevent them.

How can we identify requirements not stated by the customer,

but necessary?
This requirement is found in Customer Related Processes; these are
"implicit" requirements. What do you know about your product that the
customer does not need to specify, or may not even know themselves? You
know the intended use of your product, and are the expert on the product. If
a customer in a luggage shop requests "Carry-on Luggage", they may not
know what the acceptable size is to be able to carry on the bag. But the
company that sells their bag as "Carry-on Luggage" should know what the
restrictions are, and meet those restrictions even though the customer did
not know the size they needed.

How can supplier performance be measured?

The most common aspects of performance that are measured are quality,
service and price. What can you put goals and numbers to that will tell you
how the supplier is performing in each of these areas? Decide what the most
critical aspects are to you, is it an item that you can get from a number of
different suppliers? Is price, or on-time delivery the deciding factor? Or is it
an item or material that can vary in quality and will affect the quality of your
product? In this case, the supplier with the most consistent quality may be
the best source, regardless of the price. Measure what is most important
about what is being supplied.

What are the "Eight Quality Management Principles", and how do

they relate to what is required by ISO 9001:2008?
ISO 9001:2008 is based on these principals. While they are not part of the
requirements of the standard, a good QMS will be built around these
principals. You should be familiar with the principals, and consider how you
can use them in building your system. Can you incorporate them into your
Quality Policy, Quality Goals, and Quality Management System Review?

How is 7.5.1 "Control of production and service provision"

different from 7.1 "Planning of product realization"?
In 7.5.1 the requirements focus on the processes that actually create your
hardware or your service that is delivered to your customers. You are
required to follow the plan that you created based on requirements in 7.1
A written procedure for this section will be useful in defining how you are
meeting these requirements. By clearly documenting the way that you are
satisfying the requirements of 7.5.1 you will ensure that the requirement are
understood and followed consistently.
Most organizations will also need documentation in the form of work
instructions to control these processes. Your planning in 7.1 will determine
where these are needed; to meet the requirements of 7.5.1 these must be in
place, available to employees performing the process. Instructions can take
many different forms: written steps, pictures, drawings, prints, travelers or
flow charts are some of the methods used. Specify in your procedure what
documents are necessary for the control of your processes.
The procedure should also state how you ensure that suitable equipment is
used, and how release, delivery and post-delivery activities are controlled.

What does "ISO 9001:2000 Certified mean"?

It means that the company has been issued a certificate of conformance to that
international standard, regarding the structure, content and implementation of
its quality management system. Further, because the current version of ISO 9001
includes requirements for product design control, they conform to the
requirements for designing and developing products.

Why do some companies have ISO 9002 certification?

Since ISO 9001:2000 replaced the old ISO 9002:1994 standard there should no
longer be any organizations registered to it. Before ISO 9001:2000 companies
had the opportunity to opt for ISO 9001 or ISO 9002. So it used to mean that the
organization had not been certified as conforming to all 20 elements of the
standard series requirements. Specifically, the elements for those who develop
products may be missing or non conforming. Typically sub contractors who only
fabricate products, or only perform partial processing (such as heat treating) of
products, to requirements specified by their customers opted for ISO 9002:1994.
 What's this new version of ISO 9001?
The old ISO 9000:1994 was updated to ISO 9001 :2000. All organizations that
were once registered to ISO 9001:1994 should by now have upgraded to ISO
9001:2000. It is intended that all standards be revised every five years or so, if
only to keep pace with modern techniques. In reality standards tend to be revised
more frequently if they are widely used.
Why are some of my competitors getting ISO 9000 certified?
There are reasons why an organization should want to be registered to ISO
9001:2000:
They may have major customers requiring certification of their suppliers.
In some industries, it may be for the purpose of reducing the number of external
quality audits to which they must be subjected. (Most customers will accept
certification in lieu of their own audits.)
Certification may be 'expected' in their industry (matching the competition).
They may feel that the prestige, corporate image or marketing edge justifies
certification.
The ISO 9000 standard "levels the playing field" for business management and
quality systems, and is being accepted for this purpose throughout the world.
It is only a matter of time until most organizations involved with making or
processing any industrial (perhaps even consumer) products will be compelled to
be certified, or risk losing serious market share.

Why do companies advertise their ISO 9001:2000 certification?

It may be a matter of public relations or image for them but in many cases it can
be used to show both their existing customers and any potential customers that
they operate their business in an internationally recognized way.

What is a certification logo?

A certification logo belongs to the certification body which assesses your quality
management system. When Your organization has been assessed by a
registration body such as BSI, Lloyds, SGS, UL etc and found to be compliant
with the assessment standard. You will be allowed to display their logo on your
organizations paperwork. Each certification body has its own rules about where
and when its logo can be displayed.

When should I think about getting ISO 9001 certified?

When your business management intelligence sources or customers make it clear
that you are soon going to start losing significant business without it. Or, when
your liability insurance company makes it clear that they expect it.

What is a "pre-assessment"?
Consultancies offer a pre-assessment visit before the full-blown registrar’s
certification assessment. It is usually a 1-2 day visit, dependent on the size of your
organization. It is always advisable to have a pre-assessment audit as it provides
a chance for the assessor to take a preliminary overview look at your systems,
and to point out any glaring problems that will have to be fixed before the
certification assessment.

How long does my registration last for?

Different registrar's have different rules for length of certification validity. The
maximum period that they can issue an ISO 9001 certificate for is 3 years, and
they are required to perform follow-up maintenance assessments. This means
there will be typically two 1-2 man/day visits from your registrar annually at a
fee of around £500 each, and a re-assessment at the expiration of the certificate
at a fee of up to the cost of the original assessment. However, certain registration
bodies have certificates which do not expire but rely on covering all clauses of the
standard over a two year period along with a performance review audit.
Generally the costs work out about the same with most certification bodies.

What happened to Total Quality Management?

ISO 9001 standards and spin-off 'sister' standards contain functional
embodiments of Total Quality Management concepts within their requirements.
You might think of it as a re-packaging issue. One could say that by managing an
organization by a very well conforming ISO 9001 quality management system,
you are practicing a form of TQM... whether you call it that or not.
Do I have to be registered to use ISO 9001?
No: Some companies choose to adopt the principles of ISO 9001:2000 because it
is an internationally recognized way to run a business. One on Daiso’s books has
been using the ISO 9000 series standards for almost ten years and has never
sought registration. The executive management of the company are delighted
with the performance benefits ISO 9001 brought to their business. However, as
the organization only have one customer who has never asked for formal ISO
9001 registration, they have opted not to seek registration.

Are all ISO 9001 registration bodies the same?

No: There are now well over 100 accredited certification bodies in the UK.
Extreme care should be taken when choosing your certification body as
certification from the wrong one will not be worth the paper it is written on.
Firstly you must ensure they are accredited with a recognized Government
organization, secondly you must ensure that the scope of their accreditation
covers your industry sector. You should find out from your accountant which
"SIC" code your business is lodged under for taxation purposes, then ask the
certification body if their accreditation covers that code.

How long will it take to get ISO 9000 certified?

The amount of time it takes to gain successful registration will vary with each
organization as no two businesses are the same. A recent survey suggested that
most businesses take between 6-18 months to prepare for ISO 9001:2000
certification. The cost to the businesses ranged from about £12,000 for a small
well-organized company to £100,000 for a multi-sited organization, starting from
scratch, this is total cost for training, consultant, in-house man-hours, and
registration body fees. Often employing a consultant can save significant
amounts of money and man-hours as the consultant will have had previous
experience of introducing ISO 9001:2000 registration and will be able to give you
practical advice, know exactly what to do and when.
Before a registration body agrees to assess your organization for ISO 9001:2000
compliance it will usually require a minimum of 60-90 days of records as
evidence that the systems are established and working before they perform their
assessment. If you are successful in the registration of your organization it
usually takes about 6 weeks for the registration body to process the
documentation and issue the certificate.

What is a "gap analysis audit?

A Gap analysis audit is where an auditor compares the way you do things in your
business to what is required by the standard you want to be assessed against. If
you are considering ISO 9001:2000 for your business you would be strongly
advised to have a gap analysis audit before you start to do anything. Many
businesses spend months working towards what they believe is required by the
ISO 9001:2000 standard, only to find out that all their effort has been wasted. A
good gap analysis audit will set your business on the right path from the outset
and the auditor will provide you with a list of things that need doing to make
your processes compliant with ISO 9001:2000.

What is a "Kitemark License"?

A Kitemark license is a Product license issued by the British Standards
Institution and is very different to ISO 9001:2000. A kitemark License is issued
against a particular product, that product has to be tested and it must reach a
certain standard of performance. ISO 9001:2000 is a quality management
standard against which a certificate is issued if the management of your business
compiles.

Can any company get ISO 9001:2000?

Yes: As long as what your business does is legal in the country you operate and
you can find a certification body to carry out the certification process then no
company is excluded from gaining ISO 9001:2000 registration.

What is BS 7799 Information Security about?

BS 7799 (ISO 17799) define methods for managing information security in a
systematic way within your business. BS 7799 has two sections Parts 1 & 2.
BS 7799 part 1 is a guidance document to help any business with the security of
its information. The document has over a hundred simple security measures that
you can implement.
BS 7799 part 2 is a management system standard that uses the guidance of part 1
and translates it into a formal standard which can be assessed in a systematic
way.

Can a consultant achieve ISO 9001 for my business?

Yes and very many businesses use a consultant to save their business time and
money on set-up costs.
So many companies embark on the ISO 9001 registration process only to find
later that they have been spending money and utilizing resources on areas, which
have little or no bearing on the registration process.
A good consultant is really worth his weight in gold as he will have been through
the ISO 9001 2000 registration many times before and will know the pit-falls,
areas to avoid and where best to invest your money and resources.
If you were about to have an operation in your local hospital would you really try
to carry out the operation yourself?
Of course not! Then why would you want to carry out a major change to the way
you operate your business without an expert to hand?

Do we have to get ISO 9000 registered if we use ISO 9001?

ISO 9001:2000 is a Quality Management Standard which can be used by any
business, there is no law or mandate which states that if you use the standard you
must at some time or other become registered. The ISO 9001:2000 standard
offers the methodology of best business practice, which has been built up by
many world class organizations over a number of years.
If you want to Implement this best practice Quality Management System
Standard without being registered then that's just fine.
However, it would seem rather a pity to implement good business practice
without seeking recognition from a registration body.

Why have procedures, work instructions and training?

Although the ISO 9001 2000 standard mentions training, procedures, some of
which are mandatory, there is no specific requirement for work instructions.
Some businesses opt for multiple levels of documentation and training depending
on the complexity of their processes. In a complex process it might be necessary
to have a procedure to describe how a process is performed then have a
complimentary work instruction describing how the tasks in that process are
performed. However, in a small business with simple processes a procedure will
suffice, as long as you can demonstrate t hat process operatives have been
sufficiently trained or educated in the operation of that process.

What is a record? (ISO 9001:2000)

This is the answer to the question.]A record is generally the evidence that a
particular task has been carried out in accordance with instruction(s).
For example: If your internal audit procedure states that you close completed
audits in your audit database by flagging the "audit closed" check box. The
checked "audit closed" box in the audit database becomes a record of that
particular audit being closed. This particular example deals with computer based
records but the scenario is still applicable if you were to use a book, form or
other method to record the completed audit.

What is a work instruction? (ISO 9001:2000)

In general a work instruction dictates how a task is to be carried out, though
there is no specific restriction placed upon what can or cannot be put into a work
instruction. A work instruction will for example describe the way in which an
item is assembled whereas a procedure will state "the item is assembled".
Should I use the word "should" in my ISO 9001 documents?
Uh-ha, I've been waiting for this one. The ISO 9001 2000 standard is about the
way in which your business operates its Quality Management System and not a
spelling or grammar examination.
However, one really has to look at the importance of the task being carried out,
for example: Would you want to sign up to an insurance policy which states it
"might", "should", "may" or "sometimes" pays out? One has to be realistic,
look at how important the task is then determine how prescriptive you have to be
and then, as is so said, cut the cloth accordingly. I try wherever possible to avoid
words like might, should, can, may and sometimes etc because it removes
ambiguity and possible confusion by the reader.
If you stick to the old: Who, what, where, when, why and how in your written
instructions you will not go too far wrong.

What's the difference between certified and accredited?

A business that wishes to become certified it seeks certification from an
accreditation body such as BSI or NQA. Certification bodies such as BSI or NQA
seek accreditation from a government department so that they can certify
businesses.
What's does being ISO 9001 compliant mean?
Both non-certified and certified businesses can claim compliance with ISO
9001:2000.
For example: A non-certified business may state in their marketing literature
that they operate their Quality Management System in accordance with ISO
9001:2000. This is okay but it is then up to you as a purchaser of their products
or services to satisfy yourself that their claim is legitimate. For the purposes of
legitimacy most businesses opt to become ISO 9001:2000 registered, this proves
to perspective customers that their declaration of ISO 9001:2000 compliance in
their marketing or other literature has been validated by a reputable third-party
organization. A spin off benefit from being ISO 9001:2000 certified is that it can
assure your potential customers that you are operating legitimate business
systems without them having to first audit your business.
Conversely, potential customers may be skeptical about self-declarations of ISO
9001:2000 compliance.
Where can I find an ISO 9001 2000 Consultant?
Look no further
What is preventive action?
Preventive action addresses prospective business process problems.
For example: During the re-design of a product it is realized that it might fail to
meet its specified performance level in certain circumstances (outside of the
design input test criteria). The business raises a preventive action to design out
the potential failure mode(s) as the business feels that even though the failure
mode falls outside of the design criteria it would be bad publicity should one of
their products fail.
Another example of preventive action: A business identifies from it first quarter
sales trend analysis chart that sales for a certain product are reducing by 2% a
quarter. It also identifies that if this trend continues into the third quarter that
the product will become un-economic to manufacture. The business initiates
preventive by carrying out a survey on the merits of running an advertisement
campaign to boost sales or to cease production of the product before it becomes
uneconomic. Preventive action is about changing a business process to prevent a
foreseen problem.

What is corrective action?

Corrective action is about dealing with a business process, which has failed. The
following non-compliance report was raised during an external audit and
requires corrective action to, among other things, re-call products containing
Sudan 1 food dye.

The business had:

Released several products for human consumption containing the ban

carcinogenic food dye Sudan 1.

Failed to carry out checks on its suppliers to ensure that all constituent parts of
their products were fit for human consumption as required by procedure
ASP069/A/2,

Failed to follow procedure ASP0123/B/5 by not validating certificates of

compliance received from its suppliers to demonstrate that their suppliers'
claims of compliance with "food for human consumption regulations" were
legitimate.

Not implement its product recall procedure within the maximum time period
stated in procedure ASP007/A/4 on discovering its products contained the ban
food dye Sudan 1.

Corrective action is about dealing with the "clean-up operation" after a business
process has failed.
What does design validation mean?
Your Design validation process is the way in which your business examines the
products from your design process to ensure they meet both your and your
customer's expectations when in use. You will need to collect and collate data on
the products that you have designed to ensure they are functioning as expected in
the environment in which they are used.

What does design verification mean?

Design verification is the process that your business has adopted to check its
design outputs against its design inputs. You will need to keep records of any
product or process testing to demonstrate that your business is in fact carrying
out these checks. You will also have to demonstrate that your business has in fact
achieved its own design aspirations.

Is ISO 9001:2000 cost effective?

There have been many articles published over the years about whether or not
ISO 9000 is a cost-effective option for a business.
In my years as an auditor I have seen companies benefit greatly from ISO 9000
registration. I have seen small, medium and large companies turn themselves
around from being a disorganized mess to world class players in the field of
commerce.
Quite simply put: Its okay doing things your own way until you want to interact
with someone who operates differently. Where would we be now if we did not
have standards for railway tracks or standards for household plug sockets or
even computers or television broadcasts? ISO 9001:2000 is the standardized way
of doing business and if you want to move ahead then you have to play by the
same rules.
Of the many articles that I have read stated that many businesses which had
adopted and achieved ISO 9001:2000 registration saw increased sales,
productivity cost control and improved financial performance.

Can I get an ISO 9001 certificate from the ISO Organization?

The ISO Organization does not issue certificates of registration against any of its
standards. The ISO organization develops International Standards in
conjunction with various state governments and interested bodies.

Is it true that some businesses cannot apply for ISO 9001?

You are entitled to apply for ISO 9001:2000 registration if you are operating a
business that is legal within the country of operation and you can find a
certification body to certify you.

What is the "excellence model"?

This model is similar to the ISO standard in many ways but focuses on results
measurement and analysis. Some say that it is better than ISO 9001:2000 because
it includes financial, society and people requirements. Others, myself included,
say it is too focused on certain areas. To my mind ISO 9001:2000 covers
processes which of course could include financial and society processes for a
business, should a business decide to make these part of its goals and objectives.
 I have insufficient time to manage my ISO 9001 2000.
ISO 9001:2000 really states the minimum requirements to run a controlled
business so if you are having problems maintaining these then there is something
very wrong.
The Quality system associated with ISO 9001:2000 is to help you manage your
business and must be an integral part of its day to day operation. ISO 9001:2000
is your business management system and it must not be something that is
separate and additional to what the business does.
There are a number of options available to your business dependent upon what
you perceive to be the root cause of finding yourself in this predicament.
If you are having difficulty understanding the ISO 9001 2000 standard or are
unsure what is required it may be worth calling in a consultant to help you out in
the short term. A good consultant will help to guide and educate you. Click to
view the consultancy page.
If on the other hand your ISO 9001 2000 system is old or paper based why not
try some of the computer-based systems, such as the one we use here "Easy ISO
9001 2000® Software."
Visit the "Easy ISO 9001 2000®" software page. This excellent software controls
your documents, audits, suppliers, calibration, maintenance, training, corrective
actions, preventive actions, quality manual and procedures. It comes with a free
quality manual and example procedures. The Workload reports will save you
hours of wading through paperwork and keep your quality management system
fully up to date with minimal input from you.

Where can I find ISO 9001 2000 System Software?

Look no further; visit our [ISO 9001 2000 Software] section

Do I have to have a Quality Manual for ISO 9001 2000

Yes you do. The quality manual is central to an ISO 9001:2000 Quality
Management System and is the central document from which all other
documents and records emanate.

Which is the best Registration body for ISO 9001 2000?

Note to Registration Bodies: Please don't ask, I will not be bribed to put the
name of your certification body here.

There are now hundreds of registration bodies out there, many of which
specialize in particular fields of registration. I will say that bigger does not
necessarily mean better, many of the smaller certification bodies may be more
familiar with your industry or service sector and can offer a personalized service.
However, before employing a certification body to carry out the certification of
your business there are certain things that you must check.
Make sure that the certification bodies ISO 9001:2000 certificates are recognized and

accepted in your industry and by your customers.
Find out whether a recognized accreditation body has formally accredited your

certification body and that their accreditation covers your industry or service sector.
The frequency and cost of surveillance audits.
Total costs for certification cycle i.e. annual management fees, surveillance visits,

auditor travel and accommodation fees etc.
Confirm how much the certification body will charge to apply for registration and to
maintain your registration. How much it will cost for the initial assessment, for the

certification audit, and for future surveillance audits and reassessments where
applicable.
The above is intended a guidance only there may be other specific requirements
related to your business or industry sector.

How do I get my top management involved with ISO 9001?

ISO 9001:2000 has very specific requirements about management involvement in
the Quality Management System, in particular clause five. Education, education,
education, it is a clearly defined within the standard that management is to be
involved in the development and deployment of the Quality Management System
within your business.
Your top management will have to be instrumental in:
Setting a Quality policy for your business.
Making sure the necessary resources are available for the correct functioning of the

Quality System.
Setting Quality objectives for the business.
Holding management reviews.
Ensuring that the requirements of ISO 9001:2000 are met.
Communicating the importance of meeting customer requirements.
Often the benefit of adopting an ISO 9001:2000 system has literally to be sold to
the top management within the business. You will find many articles on this web
site to help with this task. If you are unsure how to do this it may be worth
contacting a consultant who will have all the necessary information and may do
the job for you.
You can always visit our ISO 9001 2000 training services page to arrange for one
of our consultant trainers to visit your organization to educate your managers.

How Many ISO 9000 Certificates have been issued?

At the time of writing this answer the figure world-wide stands at about 500,000
across 160 countries.
 Can I use existing documentation for ISO 9001 2000?
Yes, you can use any documentation that already exists in your business, for
example training manuals, specification manuals etc. The main point to
remember here is to include them in your document control system.

How do I address ISO 9001 2000 document control?

There is no definitive method that must be used, all the ISO 9001:2000 standard
requires is that you must be able to demonstrate control of your documents.
Your business must document a procedure for the control the your ISO
9001:2000 Quality Management System documents.
You can try and keep control of your documents using the old fashioned method
of pen, paper and physical storage of changes to documents or use some ISO
9001 2000 Quality Management System software such as, Easy, that will do all the
hard work for you.

What does being customer focused mean?

For your business to be customer focused it will have to be responsive to its
customer's current and future needs. Customer loyalty is often built on trust and
their belief that you are willing to help them achieve their goal(s). To be frank
most businesses lose customers because they fail to meet there needs be it on
delivery times, cost or adherence to specification(s) or faulty product. A business
that is customer focused tends to try and anticipate its customers needs in
advance, after all who wants last years designer jeans or shoes? Being customer
focused can often bring financial benefits to a business in the form customer
loyalty, repeat business and tolerance of minor errors on behalf of your business.

Can I use the ISO name in my literature?

The ISO organization will not permit your business to use their name on your
company literature even if your business has been certified as conforming to ISO
9001 2000.
ISO believe that use of its name by businesses may mislead third parties into
believing that your business is in some way approved by or acts on behalf of ISO.

How detailed do our ISO 9001 2000 documents have to be?

Good question. There are many quality management systems where businesses
have documented everything they do to such an extent that they cannot move for
the bureaucracy they have created. There isn't a special clause in ISO 9001 2000
that states that you must have thick documented procedures and work
instructions with mass form filling. If you want to create this then so be it, but it
is just not required or necessary.

DOCUMENTATION REQUIREMENTS OF ISO 9001:2008

ISO 9001:2008 requires a variety of documents:

(1) Quality Manual

The Quality Manual describes the overall quality management system of the company.
Writing your ISO 9001 Quality Manual is usually the first step when developing the ISO
9001 documentation. ISO 9001:2008 requires the Quality Manual in section 4.2.2

(2) Six Quality Procedures

The Quality Procedures describe in relatively general terms the overall process flow, its
interaction with related processes, as well as the distribution of authorities and
responsibilities. Writing your ISO 9001 Quality Procedures is usually considered to be
the most difficult part of developing the ISO 9001 documentation. ISO 9001:2008
requires Quality Procedures in the following sections:

ISO 9001:2008 section 4.2.3 (Control of Documents)

ISO 9001:2008 section 4.2.4 (Control of Records)
ISO 9001:2008 section 8.2.2 (Internal Audit)
ISO 9001:2008 section 8.3 (Control of Nonconforming Product)
ISO 9001:2008 section 8.5.2 (Corrective Action)
ISO 9001:2008 section 8.5.3 (Preventive Action)

(3) Quality Policy

The Quality Policy is the top-level policy directive regarding quality and customer
satisfaction at the company. It is usually a short one- to two-paragraph statement that
must meet several requirements. ISO 9001:2008 requires the Quality Policy in section
5.3.

(4) Quality Objectives

Quality Objectives are designed to support the Quality Policy. They are specific and
measurable goals. As the goals are met, new goals are set. ISO 9001:2008 requires
Quality Objectives in section 5.4.1.

(5) Process Flowchart

ISO 9001 requires "a description of the interaction between the processes of the quality
management system". Though this description can be in an form, a flowchart is a very
appropriate format. ISO 9001:2008 requires the "description" in section 4.2.2.

(6) Records
Records provide evidence that the company meets the requirements stated in the
Quality Manual, Quality Procedures, Quality Policy, Quality Objectives and Work
Instructions. There are numerous sections in which ISO 9001:2008 specifically requires
records.

A word about Work Instructions...

Work Instructions are detailed step-by-step instructions on how to perform a particular
work process. Work Instructions are typically written by the personnel performing the
actual work; the ISO 9001 Management Representative typically guides the writing of
Work Instructions and ensures that the requirements of the Quality Manual and the
Quality Procedures are met. ISO 9001:2008 does not include an absolute requirement
for Work Instructions; however, section 7.5.1. requires Work Instructions where they
add value to the company.

A word about Forms...

There is no specific requirement for ISO 9001 forms within ISO 9001:2008 but forms
can be considered both work instructions (before they are filled in) and records (after
they are filled in). For this reason, good forms save time and provide many more
benefits
Quality Management Tools -
Standard Operating Procedures
Standard Operating Procedures are written documents that describe, in
great detail, the routine procedures to be followed for a specific operation,
analysis, or action. Consistent use of an approved Standard Operating
Procedure ensures conformance with organizational practices, reduced work
effort, reduction in error occurrences, and improved data comparability,
credibility, and defensibility. Standard Operating Procedures also serve as
resources for training and for ready reference and documentation of proper
procedures.

"A Standard Operating Procedure is a document which describes the regularly recurring
operations relevant to the quality of the investigation. The purpose of a SOP is to carry
out the operations correctly and always in the same manner. A SOP should be available
at the place where the work is done".

A SOP is a compulsory instruction. If deviations from this instruction are allowed, the
conditions for these should be documented including who can give permission for this
and what exactly the complete procedure will be. The original should rest at a secure
place while working copies should be authenticated with stamps and/or signatures of
authorized persons.

Several categories and types of SOPs can be distinguished. The name "SOP" may not
always be appropriate, e.g., the description of situations or other matters may better
designated protocols, instructions or simply registration
forms. Also worksheets belonging to an analytical procedure have to be standardized
(to avoid jotting down readings and calculations on odd pieces of paper).

A number of important SOP types are:

- Fundamental SOPs. These give instructions how to make SOPs of the other
categories.
- Methodic SOPs. These describe a complete testing system or method of investigation.
- SOPs for safety precautions.
- Standard procedures for operating instruments, apparatus and other equipment.
- SOPs for analytical methods.
- SOPs for the preparation of reagents.
- SOPs for receiving and registration of samples.
- SOPs for Quality Assurance.
- SOPs for archiving and how to deal with complaints.

2.2 Initiating a SOP

As implied above, the initiative and further procedure for the preparation,
implementation and management of the documents is a procedure in itself which should
be described. These SOPs should at least mention:
a. who can or should make which type of SOP;
b. to whom proposals for a SOP should be submitted, and who adjudges the draft;
c. the procedure of approval;
d. who decides on the date of implementation, and who should be informed;
e. how revisions can be made or how a SOP can be withdrawn.

It should be established and recorded who is responsible for the proper distribution of
the documents, the filing and administration (e.g. of the original and further copies).
Finally, it should be indicated how frequently a valid SOP should be periodically
evaluated (usually 2 years) and by whom. Only officially issued copies may be used,
only then the use of the proper instruction is guaranteed.

In the laboratory the procedure for the preparation of a SOP should be as follows:

The Head of Laboratory (HoL) charges a staff member of the laboratory to draft a SOP
(or the HoL does this himself or a staff member takes the initiative). In principle, the
author is the person who will work with the SOP, but he or she should always keep in
mind that the SOP needs to be understood by others. The author requests a new
registration number from the SOP administrator or custodian (which in smaller institutes
or laboratories will often be the HoL, see 2.4). The administrator verifies if the SOP
already exists (or is drafted). If the SOP does not exist yet, the title and author are
entered into the registration system. Once the writing of a SOP is undertaken, the
management must actively support this effort and allow authors adequate preparation
time.
In case of methodic or apparatus SOPs the author asks one or more qualified
colleagues to try out the SOP. In case of execution procedures for investigations or
protocols, the project leader or HoL could do the testing. In this phase the wording of
the SOP is fine-tuned. When the test is passed, the SOP is submitted to the SOP
administrator for acceptance. Revisions of SOPs follow the same procedure.

2.3 Preparation of SOPs

The make-up of the documents should meet a minimum number of requirements:

1. Each page should have a heading and/or footing mentioning:
a. date of approval and/or version number;
b. a unique title (abbreviated if desired);
c. the number of the SOP (preferably with category);
d. page number and total number of pages of the SOP.
e. the heading (or only the logo) of originals should preferably be printed in another
color than black.

Categories can be denoted with a letter or combination of letters, e.g.:

- F for fundamental SOP
- A or APP for apparatus SOP
- M or METH for analytical method SOP
- P or PROJ for procedure to carry out a special investigation (project)
- PROT for a protocol describing a sequence of actions or operations
- ORG for an organizational document
- PERS for describing personnel matters
- RF for registration form (e.g., chemicals, samples)
- WS for worksheet (related to analytical procedures)

2. The first page, the title page, should mention:

a. general information mentioned under 2.3.1 above, including the complete title;

b. a summary of the contents with purpose and field of application (if these are not
evident from the title); if
desired the principle may be given, including a list of points that may need attention;

c. any related SOPs (of operations used in the present SOP);

d. possible safety instructions;

e. name and signature of author, including date of signing. (It is possible to record the
authors centrally in a register);

f. name and signature of person who authorizes the introduction of the SOP (including
date).
3. The necessary equipment, reagents (including grade) and other means should be
detailed.

4. A clear, unambiguous imperative description is given in a language mastered by the

user.

5. It is recommended to include criteria for the control of the described system during
operation.

6. It is recommended to include a list of contents particularly if the SOP is lengthy.

7. It is recommended to include a list of references.

2.4 Administration, Distribution, Implementation

From this description it would seem that the preparation and administration of a SOP
and other quality assurance documentation is an onerous job. However, once the draft
is made, with the use of word processors and a simple distribution scheme of persons
and departments involved, the task can be considerably eased.

A model for a simple preparation and distribution scheme is given in Figure 2-1. This is
a relation matrix which can not only be used for the laboratory but for any department or
a whole institute. In this matrix (which can be given the status of a SOP) can be
indicated all persons or departments that are involved with the subject as well as the
kind of their involvement. This can be indicated in the scheme with an involvement
code. Some of the most usual involvements are (the number can be used as the code):
1. Taking initiative for drafting
2. Drafting the document
3. Verifying
4. Authorizing
5. Implementing/using
6. Copy for information
7. Checking implementation
8. Archiving

Fig. 2-1. Matrix of information organization (see text).

There is a multitude of valid approaches for distribution of SOPs but there must always
be a mechanism for informing potential users that a new SOP has been written or that
an existing SOP has been revised or withdrawn.

It is worthwhile to set up a good filing system for all documents right at the outset. This
will spare much inconvenience, confusion and embarrassment, not only in internal use
but also with respect to the institute's management, authorities, clients and, if
applicable, inspectors of the accreditation body.

The administrator responsible for distribution and archiving SOPs may differ per
institute. In large institutes or institutes with an accredited laboratory this will be the
Quality Assurance Officer, otherwise this may be an officer of the department of
Personnel & Organization or still someone else. In non-accredited laboratories the
administration can most conveniently be done by the head of laboratory or his deputy.
The administration may be done in a logbook, by means of a card system or, more
conveniently, with a computerized database such as Perfect View or Card box.
Suspending files are very useful for keeping originals, copies and other information of
documents. The most logic system seems to make an appropriate grouping into
categories and a master index for easy retrieval. It is most convenient to keep these
files at a central place such as the office of the head of laboratory. Naturally, this does
not apply to working documents that obviously are used at the work place in the
laboratory, e.g., instrument logbooks, operation instruction manuals and laboratory
notebooks.
The data which should be stored per document are:
- SOP number
- version number
- date of issue
- date of expiry
- title
- author
- status (title submitted; being drafted; draft ready; issued)
- department of holders/users
- names of holders
- number of copies per holder if this is more than one
- registration number of SOPs to which reference is made
- historical data (dates of previous issues)

The SOP administrator keeps at least two copies of each SOP; one for the historical
and one for the back-up file. This also applies to revised versions. Superseded versions
should be collected and destroyed (except the copy for the historical file) to avoid
confusion and unauthorized use.

Examples of various categories of SOPs will be given in the ensuing chapters. The
contents of a SOP for the administration and management of SOPs can be distilled from
the above. An example of the basic format is given as Model F 002.

2.5 Laboratory notebook

Unless recorded automatically, raw data and readings of measurements are most
conveniently written down on worksheets that can be prepared for each analytical
method or procedure, including calibration of equipment. In addition, each laboratory
staff member should have a personal Notebook in which all observations, remarks,
calculations and other actions connected with the work are recorded in ink, not with a
pencil, so that they will not be erased or lost. To ensure integrity such a notebook must
meet a few minimum requirements: on the cover it must carry a unique serial number,
the owner's name, and the date of issue. The copy is issued by the QA officer or head
of laboratory who keeps a record of this (e.g. in his/her own Notebook). The user signs
for receipt, the QA officer or HoL for issue. The Notebook should be bound and the
pages numbered before issue (loose-leaf bindings are not GLP!). The first one or two
pages can be used for an index of contents (to be filled in as the book is used). Such
Notebooks can made from ordinary notebooks on sale (before issue, the page
numbering should then be done by hand or with a special stamp) or with the help of a
word processor and then printed and bound in a graphical workshop.

The instructions for the proper use of a laboratory notebook should be set down in a
protocol, an example is given as Model PROT 005. A model for the pages in a
laboratory notebook is given.

2.6 Relativization as encouragement

In the Preface it was stated that documentation should not be overdone and that for the
implementation of all new Quality Management rules the philosophy of a step-by-step
approach should be adopted. It is emphasized that protocols and SOPs, as well as the
administration involved, should be kept as simple as possible, particularly in the
beginning. The Quality Management system must grow by trial and error, with
increasing experience, by group discussions and with changing perceptions. In the
beginning, attention will be focused on basic operational SOPs, later shifting to record
keeping (as more and more SOPs are issued) and filling gaps as practice reveals
missing links in the chain of Quality Assurance. Inevitably problems will turn up. One
way to solve them is to talk with people in other laboratories who have faced similar
problems.

Do not forget that Quality Management is a tool rather than a goal. The goal is quality
performance of the laboratory.

SOPs

F 002 - Administration of Standard Operating Procedures

PROT 005 - The Use of Laboratory Notebooks
Model page of Laboratory Notebook

F 002 - Administration of Standard Operating Procedures

LOGO STANDARD OPERATING PROCEDURE Page: 1 # 2
Model: F 002 Version: 1 Date: 95-06-21
Title: Administration of Standard Operating Procedures File:

1. PURPOSE

To give unambiguous instruction for proper management and administration of

Standard Operating Procedures as they are used in the Regional Soil Survey
Institute (RSSI).

2. PRINCIPLE

Standard Operating Procedures are an essential part of a quality system. For all jobs
and duties relevant operating procedures should be available at the work station. To
guarantee that the correct version of the instruction is used copying Standard Operating
Procedures is prohibited. Standard Operating Procedures are issued on paper with the
heading printed in green.

3. FIELD OF APPLICATION

Generally for use in the quality system of RSSI but more specifically this instruction is
for use in the Chemistry Department.
4. RELATED SOPs
- F 011 The preparation of SOPs for apparatus
- F 012 The preparation of SOPs for methods
- PROJ 001 The preparation of SOPs for special investigations

5. REQUIREMENTS

Database computer program, Perfect View or Card box

6. PROCEDURE

6.1 Administration

The administration of SOPs for the Chemistry Department can be done by the Head of
Laboratory.

6.2 Initiating new SOP

(See these Guidelines, 2.2)

6.3 Revision of SOPs

(see these Guidelines, 2.2)

Author: Sign.:
QA Officer (sign.): Date of Expiry:

6.5 Distribution of SOPs

When the Sop fulfils all the necessary requirements it is printed. The author hands over
the manuscript (or the floppy disk with text) to the SOP administrator who is responsible
for the printing. The number of copies is decided by him/her and the author. Make
matrix of distribution (see Guidelines for Quality Management Fig. 2-1).

The author (or his successor) signs all copies in the presence of the administrator
before distribution. As the new copies are distributed the old ones (if there was one) are
taken in. For each SOP a list of holders is made. The holder signs for receipt of a copy.
The list is kept with the spare copies.

Copying SOPs is forbidden. Extra copies can be obtained from the SOP administrator.

Users are responsible for proper keeping of the SOPs. If necessary, copies can be
protected by a cover or foil, and/or be kept in a loose-leaf binding.

7. ARCHIVING
Proper archiving is essential for good administration of SOPs. All operating instructions
should be kept up-to-date and be accessible to personnel. Good Laboratory Practice
requires that all documentation pertaining to a test or investigation should be kept for a
certain period. SOPs belong to this documentation.

8. REFERENCES

Mention here the used Standards and other references for this SOP.
PROT 005 - The Use of Laboratory Notebooks
LOGO STANDARD OPERATING PROCEDURE Page: 1 # 2
Model: F 002 Version: 1 Date: 95-11-28
Title: The Use of Laboratory Notebooks File:

1. PURPOSE

To give instruction for proper lay-out, use and administration of Laboratory Notebooks in
order to guarantee the integrity and retrievability of raw data (if no preprinted Work
Sheets are used), calculations and notes pertaining to the laboratory work.

2. PRINCIPLE

Laboratory Notebooks may either be issued to persons for personal use or to Study
Projects for common use by participating persons. They are used to write down
observations, remarks, calculations and other actions in connection with the work. They
may be used for raw data but bound preprinted Work Sheets are preferred for this.

3. RELATED SOPs
F 001 Administration of SOPs
PROJ 001 The preparation of SOPs for Special Investigations

4. REQUIREMENTS

Bound notebooks with about 100-150 consecutively numbered pages. Any binding
which cannot be opened is suitable; a spiral binding is very convenient.

Both ruled and squared paper can be used. On each page provisions for dating and
signing for entries, and signing for verification or inspection may be made.

5. PROCEDURE

5.1 Issue

Notebooks are issued by or on behalf of the Head of Laboratory who keeps a record of
the books in circulation (this record may have a format similar to a Laboratory Notebook
or be part of the HoL's own Notebook).
On the cover, the book is marked with an assigned (if not preprinted) serial number and
the name of the user (or of the project). On the inside of the cover the HoL writes the
date of issue and signs for issue. The user (or Project Leader) signs the circulation
record for receipt.

5.2 Use

All entries are dated and made in ink. The person who makes the entry signs per entry
(in project notebooks) or at least per page (in personal notebooks). The Head of
Laboratory (and/or Project Leader) may inspect or verify entries and pages and may
sign for this on the page(s) concerned.

If entries are corrected, this should be lined out with a single line so that it is possible to
see what has been corrected. Essential corrections should be initialed and dated and
the reason for correction stated. Pages may not be removed; if necessary, a whole
page may be deleted by a diagonal line.
Author: Sign.:
QA Officer (sign.): Date of Expiry:

5.3 Withdrawal

When fall, the Notebook is exchanged for a new one. The HoL is responsible for proper
archiving. A notebook belonging to a Study Project is withdrawn when the study is
completed.

When an employee leaves the laboratory for other post (s)he should hand in her/his
notebook to the HoL

6. ARCHIVING

The Head of Laboratory is custodian of the withdrawn Laboratory Notebooks. They

must remain accessible for inspection and audit trailing,

7. REFERENCES
Model page of Laboratory Notebook
Date/Signature SUBJECT

Verified by:
Signature: ______________________ WO/Test no. __________________
Date: __________________________ File: _________________________

Tool for Process Improvement

 have a name for them too: "indispensable."
1. Cause-and-effect diagram (also called Ishikawa or fishbone chart): Identifies
many possible causes for an effect or problem and sorts ideas into useful
categories.
2. Check sheet: A structured, prepared form for collecting and analyzing data; a
generic tool that can be adapted for a wide variety of purposes.
3. Control charts: Graphs used to study how a process changes over time.
4. Histogram: The most commonly used graph for showing frequency distributions,
or how often each different value in a set of data occurs.
5. Pareto chart: Shows on a bar graph which factors are more significant.
6. Scatter diagram: Graphs pairs of numerical data, one variable on each axis, to
look for a relationship.
7. Stratification: A technique that separates data gathered from a variety of sources
so that patterns can be seen (some lists replace “stratification” with “flowchart” or
“run chart”).