U III Quality Assurance Models

8/6/2019 U III Quality Assurance Models

1/23

Models and Standards

ISO 17025 is an international standard that specifies the general requirements for the competence to carryout tests and orcalibrations. There are 15 management requirements and 10 technical requirements. Theserequirements outline what a laboratory must do to become accredited. Management system refers to theorganization's structure for managing its processes or activities that transform inputs of resources into aproduct or service which meets the organization's objectives, such as satisfying the customer's quality

requirements, complying with regulations, or meeting environmental objectives.The CMMI (Capability Maturity Model Integration) model is widely used to implement Quality Assurance(PPQA) in an organization. The CMMI maturity levels can be divided in to 5 steps, which a company canachieve by performing specific activities within the organization.

Preventing quality problems

Quality assurance, in its broadest sense, is any action taken to prevent quality problems from occurring. In practice, this means devising systems for carrying out tasks which directly affect product quality.A simple example of quality assurance is a cooking recipe. A recipe is a system for preparing a particular dish.It describes the ingredients and utensils necessary to prepare the food, the method of cooking it, how to testwhen it is ready, how to store it, and how to serve it. Cooking to a recipe produces better and more consistentresults. And the same applies to using systems in other situations.To implement systems for an organisation, you need to carry out three basic steps: first develop the system;second, document it (this takes the form of policies, procedures, and reference information); and third, inform,instruct, and train staff to use it. This process is illustrated below.

Systems of various kinds are, of course, already an integral part of all organisations. But in most cases they donot thoroughly address quality as a separate and important issue. This changes when an organisation embracesand pursues quality assurance. Quality assurance does not only apply to products. Services, and even "non-production" activities such as administration and sales, benefit from a quality assurance approach.Quality Assurance standards

Quality Assurance Standards are published documents which describe in detail what systems should be used bya company to manage quality.The table below lists some of the QA standards issued by various bodies.

Name of QA standard Issuing body Applies to:

ISO 9001: Quality Systems - Model

for quality assurance etc.

International Organisation for

standardization

General supplier qualification

Code of Good ManufacturingPractice (GMP)

Australian Health Authorities Pharmaceuticals and sterile products

Testing Laboratory Certificationstandard

National Assoc. of TestingLaboratories (NATA)(Aust)

Qualification of testing laboratories

API Q1 Quality Program American Petroleum InstituteSuppliers to the US petroleumindustry

Mil-Q-9858 US Dept. of Defense Suppliers to the US Defense Forces
http://en.wikipedia.org/wiki/ISO_17025http://en.wikipedia.org/wiki/International_standardhttp://en.wikipedia.org/wiki/Calibrationhttp://en.wikipedia.org/wiki/CMMIhttp://en.wikipedia.org/wiki/Capability_Maturity_Model_Integrationhttp://en.wikipedia.org/wiki/ISO_17025http://en.wikipedia.org/wiki/International_standardhttp://en.wikipedia.org/wiki/Calibrationhttp://en.wikipedia.org/wiki/CMMIhttp://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration


2/23

These Standards exist because many large organisations will not buy from suppliers who cannot give themassurance that they have systems which support quality. These large organisations include Government DefenseDepartments, Health Departments, car manufacturers such as Ford, Toyota, and General Motors, andAerospace companies such as Boeing and Lockheed.Until the mid 1980's these large organisations published their own standards or codes for suppliers to follow,and their staff would audit supplier companies regularly to make sure they followed the code. It was not

unusual for a supplier to be audited separately by a number of larger customers, all with their own qualitysystem codes. In some instances suppliers hosted 30 or 40 quality system audits a year from all their majorcustomers. To reduce the number of audits to which individual suppliers were subjected, the InternationalOrganisation for Standards (ISO) published a series of standards in 1987 known as ISO 9000. Most largepurchasing organisations accepted this worldwide standard and ceased to issue their own codes. They alsoceased carrying out their own audits and accepted the findings of independent audit companies engaged bysupplier companies to check their systems against the ISO 9000 standards. This allowed supplier companies toreduce the number of audits to two or three per year.

Some of the independent audit companies operating in Australia are Lloyds Quality Assurance Services,Quality Assurance Services (QAS), Bureau Veritas, Benchmark Certification, SGS QA Services, and NationalAssocation of Testing Authorities (NATA).

The ISO 9000 series of QA standards

ISO 9000 is the name of a series of QA standards recognised by over 200 countries around the world andadopted as their national standards for QA. In Australia this series has been named the AS 3900 series, but thiswill change in mid 1995 to the AS/NZ/ISO 9000 series to identify it more closely with the internationalstandard. AS 3900 and ISO 9000 have identical contents.

The most important document in the ISO 9000 series is ISO 9001. This is the code against which audits areactually carried out (two other documents, ISO 9002 and ISO 9003, can also be audited against but these are'cut down' versions of ISO 9001 for companies which do not need to comply with the entire code). All the otherdocuments in the ISO 9000 series provide guidelines and explanations for how to apply ISO 9001.

The principal features of ISO 9001 are that it, takes the basic principle of QA (the need for documented systemsto support QA), and adds requirements to control system documentation to make sure it is kept up-to-daterequires companies to carry out their own internal audits of their QA system to make sure it is working properly

requires the QA system to be constantly monitored to ensure that it is effective, and that changes are constantlymade to improve itThese requirements are illustrated in the diagram below.

In addition, ISO 9001 requires organisations to include documented systems in their QA system to cover allaspects of: basic quality control (inspection, testing, test records, traceability, etc.) a product's life cycle fromthe time negotiations start with the customer, through the design process, purchasing of raw materials,production, storage, and final deliveryWhen is QA appropriate

The basic principle of QA - working out the best course of action beforehand and communicating it reliably toall those concerned - should be applied whenever a planned process is complex, has implications for other


3/23

processes, or has wide or repetitious application. Beyond this, the decision to follow the specifications in acomprehensive published QA standard rests on your organisation's answers to the following questions:

Is your organisation prepared to invest the time to follow the formal discipline required?

Does the law require your organisation's compliance with a specific standard (pharmaceuticalmanufacturers must comply with the Code of GMP)?

Do your customers insist on your organisation's compliance with a standard (many large companies

and Government Agencies and Departments have a policy of preference for suppliers with QA

Certification)?How to implement a QA system

You can implement quality assurance in a general way by identifying the tasks, processes, or systems critical tothe business and writing clear guidelines and instructions for staff. Use these guidelines and instructions fortraining and day-to-day reference. For the tasks, processes and systems covered, this will reduce:

1.the number of errors 2.waste of time and materials associated with errors

3.the number of customer complaints 4. the number of problems to fix

the time spent on giving day-to-day instructions

the time needed to improve processes and systems (by establishing a stable base)You can then take this general principle of clearly documenting tasks, processes and systems to the next levelby using ISO 9000 (or another appropriate QA system code) as a model for covering all aspects of quality, and

for establishing formal disciplines for controlling information accuracy, and reviewing and improving systems.The two levels of implementation are summarised in the table below. The table also lists the additional thingsyou can do to make your quality assurance easier to apply and even more effective.

ISO 9000 Series

ISO 9000 is a family ofstandards forquality management systems. ISO 9000 is maintained by ISO, theInternational Organization for Standardization and is administered by accreditation and certification bodies.The rules are updated, as the requirements motivate changes over time. Some of the requirements in ISO9001:2008 (which is one of the standards in the ISO 9000 family) include

a set of procedures that cover all key processes in the business;

monitoring processes to ensure they are effective;

keeping adequate records;

checking output for defects, with appropriate and corrective action where necessary;

regularly reviewing individual processes and the quality system itself for effectiveness;

and

facilitating continual improvementA company or organization that has been independently audited and certified to be in conformance withISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered". Certification to anISO 9001 standard does not guarantee any quality of end products and services; rather, it certifies thatformalized business processes are being applied.Although the standards originated in manufacturing, they are now employed across several types oforganizations. A "product", in ISO vocabulary, can mean a physical object, services, orsoftware.Contents of ISO 9001

ISO 9001 certification of a fish wholesaler in Tsukiji
http://en.wikipedia.org/wiki/Standardizationhttp://en.wikipedia.org/wiki/Quality_management_systemhttp://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Manufacturinghttp://en.wikipedia.org/wiki/Softwarehttp://en.wikipedia.org/wiki/Tsukijihttp://en.wikipedia.org/wiki/File:ISO_9001_in_Tsukiji.jpghttp://en.wikipedia.org/wiki/Standardizationhttp://en.wikipedia.org/wiki/Quality_management_systemhttp://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Manufacturinghttp://en.wikipedia.org/wiki/Softwarehttp://en.wikipedia.org/wiki/Tsukiji


4/23

ISO 9001:2008 Quality management systems Requirements is a document of approximately 30 pageswhich is available from the national standards organization in each country. Outline contents are asfollows:

Page iv:Foreword

Pages v to vii: Section 0Intro

Pages 1 to 14:Requirements

o Section 1: Scopeo Section 2:Normative Reference

o Section 3: Terms and definitions (specific to ISO 9001, not specified in ISO9000)

Pages 2 to 14 132 1o Section 4: Quality Management System

o Section 5: Management Responsibility

o Section 6:Resource Management

o Section 7:Product Realization

o Section 8: Measurement, analysis and improvement

In effect, users need to address all sections 1 to 8, but only 4 to 8 need implementing within a QMS.

Pages 15 to 22: Tables of Correspondence between ISO 9001 and other standards

Page 23:BibliographyThe standard specifies six compulsory documents:

Control of Documents (4.2.3)

Control of Records (4.2.4)

Internal Audits (8.2.2)

Control of Nonconforming Product / Service (8.3)

Corrective Action (8.5.2)

Preventive Action (8.5.3)In addition to these, ISO 9001:2008 requires a Quality Policy and Quality Manual (which may or may notinclude the above documents).[edit] 1.0 Scope

Designing Manufacturing Installation (DMI) has developed and implemented this quality managementsystem to demonstrate its ability to consistently provide an FRP product that meets customer and statutoryand regulatory requirements, and to address customer satisfaction through the effective application of the

system.1.3 QUALITY POLICY DMI accepts responsibility for the complete satisfaction of its customers. Weexercise this responsibility through adequate training of our employees, adherence to proven procedures,and total commitment to meeting and exceeding customer requirements.[edit] 4.0 Quality management system

[edit] 4.1 General

The Company documents, implements, and maintains a quality management system and continuallyimproves its effectiveness in accordance with the requirements of the ISO 9001:2008 InternationalStandard, that comprises of:(Company Name):

determines the processes needed for the quality management system and their applicationthroughout (Company Name),

determines the sequence and interaction of these processes,

determines criteria and methods needed to ensure that both the operation and control of theseprocesses are effective,

ensures the availability of resources and information necessary to support the operation andmonitoring of these processes,

monitors, measures where applicable and analyzes these processes,

implements actions necessary to achieve planned results and continual improvement of theseprocesses.

These processes are managed by (Company Name) in accordance with the requirements of the ISO9001:2008 International Standard. Where (Company Name) chooses to outsource any process that affects
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=2http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=3http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=4http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=2http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=3http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=4


5/23

product conformity with requirements, (Company Name) ensures control over such processes. The type andextent of control of such outsourced processes are identified within the quality management system.NOTE: Processes needed for the quality management system referred to above include processes formanagement activities, provision of resources, product realization, measurement, analysis, andimprovement.[edit] 4.2 Documentation requirements

[edit] 4.2.1 General SpecificationsThe quality management system documentation includes:

documented statements of a quality policy and quality objectives,

a quality manual,

documented procedures and records required by the ISO 9001:2008 International Standard, and

documents, including records determined by (Company Name) to be necessary to ensure theeffective planning, operation and control of its processes

NOTE 1: Where the term documented procedure appears within the ISO 9001:2008 InternationalStandard, means that a procedure is established, documented, implemented and maintained.NOTE 2: Documentation can be in any form or type of medium.[edit] 4.2.2 Quality manual

(Company Name) establishes and maintains a quality manual that includes

the scope of the quality management system, including details of and justification for any

exclusions, the documented procedures established for the quality management system, or reference to them,

and

a description of the interaction between the processes of the quality management system.[edit] 4.2.3 Control of documents

Documents required by the quality management system are controlled. Records required by the qualitymanagement system are controlled according to the requirements given in 4.2.4. A documented procedureis established to define the controls needed:

to approve documents for adequacy prior to issue,

to review and update as necessary and re-approve documents,

to ensure that changes and the current revision status of documents are identified,

to ensure that relevant versions of applicable documents are available at points of use,

to ensure that documents remain legible and readily identifiable,

to ensure that documents of external origin determined by the organization to be necessary for theplanning and operation of the quality management system are identified and their distributioncontrolled, and

to prevent the unintended use of obsolete documents, and to apply suitable identification to them ifthey are retained for any purpose.

Supporting DocumentationQOP-42-01 Control of Documents

[edit] 4.2.4 Control of records

Records established to provide evidence of conformity to requirements and or the effective operation of thequality management system shall be controlled. (Company Name) will establish a documented procedure todefine the controls needed for the identification, storage, protection, retrieval, retention time and dispositionof records. Records will remain legible, readily identifiable, and retrievable. Supporting DocumentationQOP-42-02 Control of Records

[edit] 5.0 Management responsibility[edit] 5.1 Management commitment

Top management is committed to the development and implementation of the quality management systemand continually improves its effectiveness by:

communicating to (Company Name) the importance of meeting customer as well as statutory andregulatory requirements,

establishing a quality policy,

establishing quality objectives,

conducting management reviews, and
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=5http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=6http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=7http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=8http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=9http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=10http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=11http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=5http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=6http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=7http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=8http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=9http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=10http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=11


6/23

ensuring the availability of resources.[edit] 5.2 Customer focus

Top management ensures that customer requirements are determined and are met with the aim of enhancingcustomer satisfaction. (see 7.2.1 and 8.2.1)[edit] 5.3 Quality policy

(Company Name) is committed to Exceeding Customer Expectations through Implementation and

Continuous Improvement of our Quality Management System. Absolute Customer Satisfaction is theexpectation and, will be achieved through supplying a Superior Product, On-time, at a Competitive Price.Top management ensures that the quality policy

is appropriate to the purpose of the quality policy,

includes a commitment to comply with requirements and continually improve the effectiveness ofthe quality management system,

provides a framework for establishing and reviewing quality objectives,

is communicated and understood within (Company Name), and

is reviewed for continuing suitability.[edit] 5.4 Planning

[edit] 5.4.1 Quality objectives

Top management ensures that quality objectives, including those needed to meet requirements for product[see 7.1 a], are established at relevant functions and levels within (Company Name). The quality objectives

are measurable and consistent with the quality policy. 1. Meet or exceed customer expectations by effectivecommunication and review of customer requirements. 2. Provide our customers high quality products andservices, on time delivery, and at a reasonable cost. 3. Effectively manage our products, processes, andservices to provide superior customer satisfaction. 4. Promote the safety, awareness, and well being ofemployees through training and education.

[edit] 5.4.2 Quality management system planning

Top management ensures that:

the planning of the quality management system is carried out in order to meet the requirementsgiven in 4.1, as well as the quality objectives, and

the integrity of the quality management system is maintained when changes to the qualitymanagement system are planned and implemented.

[edit] 5.5 Responsibility, authority and communication

[edit] 5.5.1 Responsibility and authority

Top management ensures that responsibilities and authorities are defined and communicated within(Company Name) to promote effective management of the quality system. An Organizational Chartillustrates the responsibility and relative authority of the personnel who manage, perform, and verify theactivities affecting the QMS. Changes to the quality system are planned within the framework ofmanagement reviews. These changes may be in response to changing circumstances, such as product,process, capacity, or other operational or organizational changes; or to improve the effectiveness andefficiency of the quality system. Supporting Documentation Organizational Chart

[edit] 5.5.2 Management representative

Top management has appointed a member of the organizations management who, irrespective of otherresponsibilities, has the responsibility and authority that includes

ensuring that processes needed for the quality management system are established, implementedand maintained,

reporting to top management on the performance of the quality management system and any need

for improvement, and ensuring the promotion of awareness of customer requirements throughout (Company Name).

NOTE The responsibility of a management representative can include liaison with external parties onmatters relating to the quality management system.

[edit] 5.5.3 Internal communication

Top management ensures that appropriate communication processes are established within (CompanyName) and that communication takes place regarding the effectiveness of the quality management system.[edit] 5.6 Management Review

[edit] 5.6.1 General
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=12http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=13http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=14http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=15http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=16http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=17http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=18http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=19http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=20http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=21http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=22http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=12http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=13http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=14http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=15http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=16http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=17http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=18http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=19http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=20http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=21http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=22


7/23

Top management reviews (Company Name)s quality management system, at planned intervals, to ensureits continuing suitability, adequacy and effectiveness. The review includes assessing opportunities forimprovement and the need for changes to the quality management system, including the quality policy andquality objectives. Records from management reviews are maintained (see 4.2.4). SupportingDocumentation QOP-56-01 Management Review

[edit] 5.6.2 Review input

The input to management review includes information on:

results of audits,

customer feedback,

process performance and product conformity,

status of preventive and corrective actions,

follow-up actions from previous management reviews,

changes that could affect the quality management system, and

recommendations for improvement.[edit] 5.6.3 Review output

The output from the management review includes any decisions and actions related to:

improvement of the effectiveness of the quality management system and its processes,

improvement of product related to customer requirements, and

resource needs.

[edit] 6.0 Resource management[edit] 6.1 Provision of resources

(Company Name) determines and provides the resources needed

to implement and maintain the quality management system and continually improve itseffectiveness, and

to enhance customer satisfaction by meeting customer requirements.[edit] 6.2 Human resource Management

[edit] 6.2.1 General

Personnel performing work affecting conformity to product requirements are competent on the basis ofappropriate education, training, skills and experience.

[edit] 6.2.2 Competence, training, and awareness

(Company Name) :

determines the necessary competence for personnel performing work affecting conformity to

product requirements, where applicable, provides training or takes other actions to achieve the necessary competence,

evaluates the effectiveness of the actions taken,

ensures that its personnel are aware of the relevance and importance of their activities and howthey contribute to the achievement of the quality objectives, and

maintains appropriate records of education, training, skills and experience (see 4.2.4).Supporting Documentation QOP-62-01 Competence, Training, and Awareness[edit] 6.3 Infrastructure

(Company Name) determines, provides for, and maintains the infrastructure needed to achieve conformityto product requirements. Infrastructure includes, as applicable:

buildings, workspace and associated utilities,

Process equipment (both hardware and software), and

Supporting services (such as transport, communication or information systems).Supporting Documentation QOP-63-01 Equipment Maintenance.[edit] 6.4 Work environment

(Company Name) determines and manages the work environment needed to achieve conformity to productrequirements.[edit] 7.0 Product realization

[edit] 7.1 Planning of product realization

(Company Name) plans and develops the processes needed for product realization. Planning of productrealization is consistent with the requirements of the other processes of the quality management system (see4.1). In planning product realization, (Company Name) determines the following, as appropriate:
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=23http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=24http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=25http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=26http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=27http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=28http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=29http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=30http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=31http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=32http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=33http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=23http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=24http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=25http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=26http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=27http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=28http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=29http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=30http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=31http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=32http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=33


8/23

quality objectives and requirements for the product,

the need to establish processes, and documents, and provide resources specific to the product,

required verification, validation, monitoring, measurement, inspection and test activities specificto the product and the criteria for product acceptance, and

records needed to provide evidence that the realization processes and resulting product meetrequirements (see 4.2.4).

The output of the planning is in a form suitable for (Company Name)s method of operations.NOTE 1 A document specifying the processes of the quality management system (including the productrealization processes) and the resources to be applied to a specific product, project or contract, is referred toas the quality plan.NOTE 2 (Company Name) also applies the requirements given in 7.3 to the development of productrealization processes. Supporting DocumentationQOP-71-01 Planning of Product Realization[edit] 7.2 Customer- related processes

[edit] 7.2.1 Determination of requirements related to the product

(Company Name) determines:

requirements specified by the customer, including the requirements for delivery and post-deliveryactivities,

requirements not stated by the customer but necessary for specified or intended use, where known,

statutory and regulatory requirements applicable to the product, and any additional requirements considered necessary by (Company Name).

Supporting DocumentationQOP-72-02 Order Processing & Review

[edit] 7.2.2 Review of requirements related to the product

(Company Name) reviews the requirements related to the product. This review is conducted prior to(Company Name)s commitment to supply a product to the customer (e.g. submission of tenders, acceptanceof contracts or orders, acceptance of changes to contracts or orders) and ensures that:

product requirements are defined,

contract or order requirements differing from those previously expressed are resolved, and

(Company Name) has the ability to meet the defined requirements.Records of the results of the review and actions arising from the review are maintained (see 4.2.4). Wherethe customer provides no documented statement of requirement, the customer requirements are confirmed

by (Company Name) before acceptance. Where product requirements are changed, (Company Name)ensures that relevant documents are amended and that relevant personnel are made aware of the changedrequirements.NOTE In some situations, a formal review is impractical for each order. Instead the review can coverrelevant product information such as catalogues or advertising material.Supporting Documentation QOP-72-02 Order Processing & Review

[edit] 7.2.3 Customer communication

(Company Name) determines and implements effective arrangements for communicating with customers inrelation to:

product information,

enquiries, contracts or order handling, including amendments, and

customer feedback, including customer complaints.SupportingDocumentation QOP-72-02 Order Processing & Review

QOP-85-02 Customer Complaints[edit] 7.3 Design and development

[edit] 7.3.1 design and development planning

(Company Name) plans and controls the design and development of product. During the design anddevelopment planning, (Company Name) determines:

the design and development stages.

the review, verification and validation that are appropriate to each design and development stage,and

the responsibilities and authorities for design and development.
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=34http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=35http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=36http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=37http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=38http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=39http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=34http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=35http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=36http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=37http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=38http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=39


9/23

[edit] 7.3.2 Design and development inputs

Inputs relating to product requirements shall be determined and records maintained. these inputs shallinclude

functional and performance requirements.

applicable statutory and regulatory requirements.

where applicable information derived from previous similar designs, and

other requirements essential for design and development.the inputs shall be reviewed for adequacy, requirements shall be complete, unambiguous and not in conflictwith each other.[edit] 7.4 Purchasing

[edit] 7.4.1 Purchasing process

(Company Name) ensures that purchased product conforms to specified purchase requirements. The typeand extent of control applied to the supplier and the purchased product is dependent upon the effect of the purchased product on subsequent product realization or the final product.Supporting DocumentationQOP-74-01 Purchasing

[edit] 7.4.2 Purchasing Information

Purchasing information describes the product to be purchased, including where appropriate

requirements for approval of product, procedures, processes and equipment,

requirements for qualification of personnel, and

quality management system requirements.(Company Name) ensures the adequacy of specified purchase requirements prior to their communication tothe supplier. Supporting Documentation QOP-74-01 Purchasing

[edit] 7.4.3 Verification of purchased product

(Company Name) establishes and implements the inspection or other activities necessary for ensuring thatpurchased product meets specified purchase requirements. Where (Company Name) or its customer intendsto perform verification at the suppliers premises, (Company Name) states the intended verificationarrangements and method of product release in the purchasing information.Supporting DocumentationQOP-74-02 Verification of Purchase Product[edit] 7.5 Production and service provision

[edit] 7.5.1 Control of production and service provision

As applicable, (Company Name) plans and carries out production and service provisions under controlledconditions. Controlled conditions include:

the availability of information that describes the characteristics of the product,

the availability of work instructions, as necessary,

the use of suitable equipment,

the availability and use of monitoring and measuring equipment,

the implementation of monitoring and measurement activities, and

the implementation of product release, delivery and post-delivery activities.Supporting DocumentationQOP-75-01 Work Order and Production RecordsQOP-63-01 Equipment MaintenanceQOP-76-01 Measuring and Monitoring EquipmentQOP-84-02 Final Inspection

QOP-75-06 Shipping[edit] 7.5.2 Validation of processes for production and service provision

(Company Name) validates any processes for production and service provisions where the resulting outputcannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies becomeapparent only after the product is in use or the service has been delivered. Validation demonstrates theability of these processes to achieve planned results. As applicable, (Company Name) establishesarrangements for these processes including:

defined criteria for review and approval of the processes,

approval of equipment and qualification of personnel,
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=40http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=41http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=42http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=43http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=44http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=45http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=46http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=47http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=40http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=41http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=42http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=43http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=44http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=45http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=46http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=47


10/23

use of specific methods and procedures,

requirements for records (see 4.2.4), ande) revalidation.Note: (Company Name) has no Special Processes at this time.

[edit] 7.5.3 Identification and traceability

Where appropriate, (Company Name) identifies the product by suitable means throughout product

realization. (Company Name) identifies the product status with respect to monitoring and measurementrequirements throughout product realization. Where traceability is a requirement, (Company Name)controls the unique identification of the product an maintain records (4.2.4). Supporting DocumentationQOP-75-04 Product Identification and Traceability

[edit] 7.5.4 Customer property

(Company Name) exercises care with customer property while it is under (Company Name)s control orbeing used by (Company Name). (Company Name) identifies, verifies, protects and safeguards customerproperty provided for use or incorporation into the product. If any customer property is lost, damaged orotherwise found to be unsuitable for use, (Company Name) will report this to the customer and maintainrecords (see 4.2.4).Note: Customer property can include intellectual property and personal date.Note: (Company Name) has no Customer Property at this time.[edit] 7.5.5 Preservation of product

(Company Name) preserves the product during internal processing and delivery to the intended destinationin order to maintain conformity to requirements. As applicable, preservation includes identification,handling, packaging, storage and protection. Preservation also applies to the constituent parts of a product.[edit] 7.6 Control of monitoring and measuring equipment

(Company Name) determines the monitoring and measurement to be undertaken and the monitoring andmeasuring equipment needed to provide evidence of conformity of product to determined requirements.(Company Name) establishes processes to ensure that monitoring and measurement can be carried out, andis carried out in a manner that is consistent with the monitoring and measurement requirements. Wherenecessary to ensure valid results measuring equipment is:

calibrated, verified or both at specified intervals, or prior to use, against measurement standardstraceable to international or national measurement standards; where no such standards exist, thebasis used for calibration or verification shall be recorded,

adjusted or re-adjusted as necessary,

have identification in order to determine its calibration status,

safeguarded from adjustments that would invalidate the measurement result, and

protected from damage and deterioration during handling, maintenance and storage.In addition, (Company Name) assesses and records the validity of the previous measuring results when theequipment is found not to conform to requirements. (Company Name) takes appropriate action on theequipment and any product affected. Records of the results of calibration and verification are maintained(see 4.2.4).Note: Confirmation of the ability of computer software to satisfy the intended application will typicallyinclude its verification and configuration management to maintain its suitability for use SupportingDocumentationQOP-76-01 Monitoring and Measuring Equipment[edit] 8.0 Measurement, analysis and improvement

[edit] 8.1 General

(Company Name) plans and implements the monitoring, measurement, analysis and improvementprocesses needed:

to demonstrate conformity to product requirements,

to ensure conformity of the quality management system, and

to continually improve the effectiveness of the quality management system.This includes determination of applicable methods, including statistical techniques, and the extent of theiruse.[edit] 8.2 Monitoring and measurement

[edit] 8.2.1 Customer satisfaction
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=48http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=49http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=50http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=51http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=52http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=53http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=54http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=55http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=48http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=49http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=50http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=51http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=52http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=53http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=54http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=55


11/23

As one of the measurements of the performance of the quality management system, (Company Name)monitors information relating to customer perception as to whether (Company Name) has met customerrequirements. The methods for obtaining and using this information are determined. SupportingDocumentation QOP-82-01 Customer Satisfaction

[edit] 8.2.2 Internal Audits

(Company Name) conducts internal audits at planned intervals to determine whether the qualitymanagement system:

conforms to the planned arrangements (see 7.1), to the requirements of ISO 9001:2008 and to thequality management system requirements established by (Company Name), and b)is effectivelyimplemented and maintained.

An audit program is planned, taking into consideration the status and importance of the processes and areasto be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods aredefined. The selection of auditors and conduct of audits ensure objectivity and impartiality of the auditprocess. Auditors do not audit their own work. The responsibilities and requirements for planning andconducting audits, and for reporting results and maintaining records (see 4.2.4) are defined in a documentedprocedure. The management responsible for the area being audited ensures that any necessary correctionand corrective actions are taken without undue delay to eliminate detected nonconformities and theircauses. Follow-up activities include the verification of the actions taken and the reporting of verificationresults (see 8.5.2). Supporting Documentation QOP-82-02 Internal Quality Audits

[edit] 8.2.3 Monitoring and measurement of processes

(Company Name) applies suitable methods for monitoring and where applicable, measurement of thequality management system processes. These methods demonstrate the ability of the processes to achieveplanned results. When planned results are not achieved, correction and corrective action is taken, asappropriate.

[edit] 8.2.4 Monitoring and measurement of product

(Company Name) monitors and measures the characteristics of the product to verify that productrequirements have been met. This is carried out at appropriate stages of the product realization process inaccordance with the planned arrangements (see 7.1). Evidence of conformity with the acceptance criteria ismaintained. Records indicate the person(s) authorizing release of product for delivery to the customer (see4.2.4). The release of product and delivery of service to the customer does not proceed until the plannedarrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevantauthority and where applicable, by the customer. Supporting Documentation QOP-82-03 In Process

Inspections QOP-82-04 Final Inspection[edit] 8.3 Control of nonconforming product

(Company Name) ensures that product which does not conform to product requirements is identified andcontrolled to prevent its unintended use or delivery. A documented procedure is established to define thecontrols and related responsibilities and authorities for dealing with nonconforming products. Whereapplicable (Company Name) deals with nonconforming product by one or more of the following ways:

by taking action to eliminate the detected nonconformity,

by authorizing its use, release or acceptance under concession by a relevant authority and, whereapplicable, by the customer, and

by taking action to preclude its original intended use or application.

by taking action appropriate to the effects, or potential effects, of the nonconformity whennonconforming product is detected after delivery or use has started.

When nonconforming product is corrected the product is subject to re-verification to demonstrate

conformity to the requirements. When nonconforming product is detected after delivery or use has started,(Company Name) takes action appropriate to the effects, or potential effects, of the nonconformity. Recordsof the nature of nonconformities and any subsequent actions taken, including concessions obtained, aremaintained (see 4.2.4). Supporting Documentation QOP-83-01 Control of Nonconforming Product[edit] 8.4 Analysis of data

(Company Name) determines, collects and analyzes appropriate data to demonstrate the suitability andeffectiveness of the quality management system and to evaluate where continual improvement of theeffectiveness of the quality management system can be made. This includes data generated as a result of
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=56http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=57http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=58http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=59http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=60http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=56http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=57http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=58http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=59http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=60


12/23

monitoring and measurement and from other relevant sources. The analysis of data provides informationrelating to:

customer satisfaction (see 8.2.1),

conformity to product requirements (see 8.2.4),

characteristics and trends of processes and products including opportunities for preventive action(see 8.2.3 and 8.2.4),

suppliers (see 7.4),Supporting Documentation QOP-56-01 Management Review[edit] 8.5 Improvement

[edit] 8.5.1 Continual improvement

(Company Name) continually improves the effectiveness of the quality management system through theuse of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actionsand management reviews. Supporting Documentation QOP-85-01 Continual Improvement

[edit] 8.5.2 Corrective action

(Company Name) takes action to eliminate the causes of nonconformities in order to prevent recurrence.Corrective actions are appropriate to the effects of the nonconformities encountered. A documentedprocedure is established to define requirements for:

reviewing nonconformities (including customer complaints),

determining the causes of nonconformities,

evaluating the need for action to ensure that nonconformities do not recur, determining and implementing action needed,

records of the results of action taken (see 4.2.4), and

reviewing the effectiveness of the corrective action taken.Supporting Documentation QOP-85-02 Customer Complaints QOP-85-03 Corrective and PreventiveActions

[edit] 8.5.3 Preventive action

(Company Name) determines actions to eliminate the causes of potential nonconformities in order toprevent their occurrence. Preventive actions are appropriate to the effects of the potential problems. Adocumented procedure is established to define requirements for:

determining potential nonconformities and their causes,

evaluating the need for action to prevent occurrence of nonconformities,

determining and implementing action needed,

records of results of action taken (see 4.2.4), and reviewing the effectiveness of the preventive action taken.

Supporting Documentation QOP-85-03 Corrective and Preventive Actions[edit] 1987 version

ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three 'models' for qualitymanagement systems, the selection of which was based on the scope of activities of the organization:

ISO 9001:1987 Model for quality assurance in design, development, production, installation, andservicing was for companies and organizations whose activities included the creation of newproducts.

ISO 9002:1987 Model for quality assurance in production, installation, and servicing hadbasically the same material as ISO 9001 but without covering the creation of new products.

ISO 9003:1987 Model for quality assurance in final inspection and test covered only the finalinspection of finished product, with no concern for how the product was produced.

ISO 9000:1987was also influenced by existing U.S. and otherDefense Standards ("MIL SPECS"), and sowas well-suited to manufacturing. The emphasis tended to be placed on conformance with proceduresrather than the overall process of managementwhich was likely the actual intent.[citation needed]

[edit] 1994 version

ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product,and continued to require evidence of compliance with documented procedures. As with the first edition, thedown-side was that companies tended to implement its requirements by creating shelf-loads of proceduremanuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improvingprocesses could actually be impeded by the quality system.[citation needed]
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=61http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=62http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=63http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=64http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=65http://en.wikipedia.org/wiki/Defense_Standardhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=66http://en.wikipedia.org/wiki/Quality_assurancehttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=61http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=62http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=63http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=64http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=65http://en.wikipedia.org/wiki/Defense_Standardhttp://en.wikipedia.org/wiki/Wikipedia:Citation_neededhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=66http://en.wikipedia.org/wiki/Quality_assurancehttp://en.wikipedia.org/wiki/Wikipedia:Citation_needed


13/23

[edit] 2000 version

ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design anddevelopment procedures are required only if a company does in fact engage in the creation of newproducts. The 2000 version sought to make a radical change in thinking by actually placing the concept ofprocess management front and center ("Process management" was the monitoring and optimizing of acompany's tasks and activities, instead of just inspecting the final product). The 2000 version also demandsinvolvement by upper executives, in order to integrate quality into the business system and avoiddelegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics numerical measurement of the effectiveness of tasks and activities.Expectations of continualprocess improvement and tracking customer satisfaction were made explicit.The ISO 9000 standard is continually being revised by standing technical committees and advisory groups,who receive feedback from those professionals who are implementing the standard.[1]ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 and somechanges intended to improve consistency with ISO 14001:2004. There are no new requirements.Explanation of changes in ISO 9001:2008. A quality management system being upgraded just needs to bechecked to see if it is following the clarifications introduced in the amended version.[edit] Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorizecertification bodies, which audit organizations applying for ISO 9001 compliance certification. Althoughcommonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality

management can be certified is ISO 9001:2008. Both the accreditation bodies and the certification bodiescharge fees for their services. The various accreditation bodies have mutual agreements with each other toensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.The applying organization is assessed based on an extensive sample of its sites, functions, products,services and processes; a list of problems ("action requests" or "non-compliance") is made known to themanagement. If there are no major problems on this list, or after it receives a satisfactory improvement planfrom the management showing how any problems will be resolved, the certification body will issue an ISO9001 certificate for each geographical site it has visited.An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommendedby the certification body, usually around three years. There are no grades of competence within ISO 9001:either a company is certified (meaning that it is committed to the method and model of quality managementdescribed in the standard), or it is not. In this respect, it contrasts with measurement-based quality systemssuch as the Capability Maturity Model.

[edit] AuditingTwo types of auditing are required to become registered to the standard: auditing by an externalcertification body (external audit) and audits by internal staff trained for this process (internal audits). Theaim is a continual process of review and assessment, to verify that the system is working as it's supposed to,find out where it can improve and to correct or prevent problems identified. It is considered healthier forinternal auditors to audit outside their usual management line, so as to bring a degree of independence totheir judgments.Under the 1994 standard, the auditing process could be adequately addressed by performing "complianceauditing":

Tell me what you do (describe the business process)

Show me where it says that (reference the procedure manuals)

Prove that this is what happened (exhibit evidence in documented records)The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote

"compliance" by focusing on risk, status and importance. This means they are expected to make morejudgments on what is effective, rather than merely adhering to what is formally prescribed. The differencefrom the previous standard can be explained thus:Under the 1994 version, the question was broadly "Are you doing what the manual says you should bedoing?", whereas under the 2000 version, the question is more "Will this process help you achieve yourstated objectives? Is it a good process or is there a way to do it better?"[edit] Industry-specific interpretations

The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to make sensewithin a particular organization. Developing software is not like making cheese or offering counseling
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=67http://en.wikipedia.org/wiki/Process_managementhttp://en.wikipedia.org/wiki/Process_improvementhttp://iso9001-consultant.co.uk/http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=68http://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Accredited_Certification_Bodieshttp://en.wikipedia.org/wiki/Capability_Maturity_Modelhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=69http://en.wikipedia.org/wiki/Auditinghttp://en.wikipedia.org/wiki/Certification_bodyhttp://en.wikipedia.org/wiki/External_Audithttp://en.wikipedia.org/wiki/Internal_audithttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=70http://en.wikipedia.org/wiki/Software_development_processhttp://en.wikipedia.org/wiki/Cheesehttp://en.wikipedia.org/wiki/Counselinghttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=67http://en.wikipedia.org/wiki/Process_managementhttp://en.wikipedia.org/wiki/Process_improvementhttp://iso9001-consultant.co.uk/http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=68http://en.wikipedia.org/wiki/International_Organization_for_Standardizationhttp://en.wikipedia.org/wiki/Accredited_Certification_Bodieshttp://en.wikipedia.org/wiki/Capability_Maturity_Modelhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=69http://en.wikipedia.org/wiki/Auditinghttp://en.wikipedia.org/wiki/Certification_bodyhttp://en.wikipedia.org/wiki/External_Audithttp://en.wikipedia.org/wiki/Internal_audithttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=70http://en.wikipedia.org/wiki/Software_development_processhttp://en.wikipedia.org/wiki/Cheesehttp://en.wikipedia.org/wiki/Counseling


14/23

services; yet the ISO 9001 guidelines, because they are business, management guidelines can be applied toeach of these. Diverse organizationspolice departments (US), professional soccer teams (Mexico) andcity councils (UK)have successfully implemented ISO 9001:2000 systems.Over time, various industry sectors have wanted to standardize their interpretations of the guidelines withintheir own marketplace. This is partly to ensure that their versions of ISO 9000 have their specificrequirements, but also to try and ensure that more appropriately trained and experienced auditors are sent toassess them.

The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade tosuit the processes of the information technology industry, especially software development.

AS9000 is the Aerospace Basic Quality System Standard, an interpretation developed by majoraerospace manufacturers. Those major manufacturers include AlliedSignal, Allison Engine,Boeing, General Electric Aircraft Engines, Lockheed-Martin, McDonnell Douglas, NorthropGrumman, Pratt & Whitney, Rockwell-Collins, Sikorsky Aircraft, and Sundstrand. The currentversion is AS9100.

PS 9000 is an application of the standard for Pharmaceutical Packaging Materials. ThePharmaceutical Quality Group (PQG) of the Institute of Quality Assurance (IQA) has developedPS 9000:2001. It aims to provide a widely accepted baseline GMP framework of best practicewithin the pharmaceutical packaging supply industry. It applies ISO 9001: 2000 to pharmaceuticalprinted and contact packaging materials.

QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford,Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS16949.

ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers(American and European manufacturers); the latest version is based on ISO 9001:2008. Theemphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2009 containsthe full text of ISO 9001:2008 and automotive industry-specific requirements.

TL 9000 is the Telecom Quality Management and Measurement System Standard, aninterpretation developed by the telecom consortium, QuEST Forum. The current version is 4.0 andunlike ISO 9001 or the above sector standards, TL 9000 includes standardized productmeasurements that can be benchmarked. In 1998 QuEST Forum developed the TL 9000 QualityManagement System to meet the supply chain quality requirements of the worldwidetelecommunications industry.

ISO 13485:2003is the medical industry's equivalent of ISO 9001:2000. Whereas the standards itreplaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices, ISO13485:2003 is a stand-alone standard. Compliance with ISO 13485 does not necessarily meancompliance with ISO 9001:2000.

ISO/IEC 90003:2004 provides guidelines for the application of ISO 9001:2000 to computersoftware.

ISO/TS 29001 is quality management system requirements for the design, development,production, installation and service of products for the petroleum, petrochemical and natural gasindustries. It is equivalent to API Spec Q1 without the Monogram annex.

[edit] Effectiveness

The debate on the effectiveness of ISO 9000 commonly centers on the following questions:1. Are the quality principles in ISO 9001:2000 of value? (Note that the version date is important: in

the 2000 version ISO attempted to address many concerns and criticisms of ISO 9000:1994).

2. Does it help to implement an ISO 9001:2000 compliant quality management system?3. Does it help to obtain ISO 9001:2000 certification?Effectiveness of the ISO system being implemented depends on a number of factors, the most significant ofwhich are:

1. Commitment of Senior Management to monitor, control, and improve quality. Organizations thatimplement an ISO system without this desire and commitment, often take the cheapest road to geta certificate on the wall and ignore problem areas uncovered in the audits.

2. How well the ISO system integrates into their business practices. Many organizations thatimplement ISO try to make their system fit into a cookie-cutter quality manual rather than create a
http://en.wikipedia.org/wiki/Soccerhttp://en.wikipedia.org/wiki/TickIThttp://en.wikipedia.org/wiki/AS9000http://en.wikipedia.org/wiki/AS9100http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysishttp://en.wikipedia.org/wiki/Advanced_Product_Quality_Planninghttp://en.wikipedia.org/wiki/ISO/TS_16949http://en.wikipedia.org/wiki/TL_9000http://www.questforum.org/http://en.wikipedia.org/wiki/ISO_13485:2003http://en.wikipedia.org/wiki/ISO_13485:2003http://en.wikipedia.org/w/index.php?title=ISO/IEC_90003:2004&action=edit&redlink=1http://en.wikipedia.org/w/index.php?title=ISO/TS_29001&action=edit&redlink=1http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=71http://en.wikipedia.org/wiki/Soccerhttp://en.wikipedia.org/wiki/TickIThttp://en.wikipedia.org/wiki/AS9000http://en.wikipedia.org/wiki/AS9100http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysishttp://en.wikipedia.org/wiki/Advanced_Product_Quality_Planninghttp://en.wikipedia.org/wiki/ISO/TS_16949http://en.wikipedia.org/wiki/TL_9000http://www.questforum.org/http://en.wikipedia.org/wiki/ISO_13485:2003http://en.wikipedia.org/w/index.php?title=ISO/IEC_90003:2004&action=edit&redlink=1http://en.wikipedia.org/w/index.php?title=ISO/TS_29001&action=edit&redlink=1http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=71


15/23

manual that documents existing practices and only adds new processes to meet the ISO standardwhen necessary.

3. How well the ISO system focuses on improving the customer experience. The broadest definitionof quality is "Whatever the customer perceives good quality to be". This means that you don'tnecessarily have to make a product that never fails, some customers will have a higher tolerancefor product failures if they always receive shipments on-time, or some other dimension ofcustomer service. Your ISO system should take into account all areas of the customer experience,the industry expectations, and seek to improve them on a continual basis. This means taking intoaccount all processes that deal with the three stakeholders (your customers, your suppliers, andyour organization), only then will you be able to sustain improvements in your customerexperience.

4. How well the auditor finds and communicates areas of improvement. Now, ISO auditors may notprovide consulting to the clients they audit, however, there is the potential for auditors to point outareas of improvement. Many auditors simply rely on submitting reports that indicate complianceor non-compliance with the appropriate section of the standard, however, to most executives, thisis like speaking a foreign language. Auditors that can clearly identify and communicate areas ofimprovement in language and terms executive management understands allows the companiesthey audit to act on improvement initiatives. When management doesn't understand why they werenon-compliant and the business implications, they simply ignore the reports and focus on whatthey do understand.

[edit] Advantages

It is widely acknowledged that proper quality management improves business, often having a positiveeffect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance oflitigation.The quality principles in ISO 9000:2000 are also sound, according to Wade and Barnes, who saythat "ISO 9000 guidelines provide a comprehensive model for quality management systems that can makeany company competitive implementing ISO often gives the following advantages:

1. Create a more efficient, effective operation2. Increase customer satisfaction and retention3. Reduce audits4. Enhance marketing5. Improve employee motivation, awareness, and morale6. Promote international trade7. Increases profit

8. Reduce waste and increases productivity.[edit] Problems

A common criticism of ISO 9001 is the amount of money, time and paperwork required for registration. [1]

According to Barnes, "Opponents claim that it is only for documentation. Proponents believe that if acompany has documented its quality systems, then most of the paperwork has already been completed."[2]

ISO 9001 is not in any way an indication that products produced using its certified systems are any good. Acompany can intend to produce a poor quality product and providing it does so consistently and with theproper documentation can put an ISO 9001 stamp on it. According to Seddon, ISO 9001 promotesspecification, control, and procedures rather than understanding and improvement. [3][4] Wade argues thatISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies intothinking that certification means better quality, ... [undermining] the need for an organization to set its ownquality standards." [5]Paraphrased, Wade's argument is that reliance on the specifications of ISO 9001 doesnot guarantee a successful quality system.

While internationally recognized, most US consumers are not aware of ISO 9000 and it holds no relevanceto them. The added cost to certify and then maintain certification may not be justified if product end usersdo not require ISO 9000. The cost can actually put a company at a competitive disadvantage whencompeting against a non ISO 9000 certified company.The standard is seen as especially prone to failure when a company is interested in certification beforequality.[3] Certifications are in fact often based on customer contractual requirements rather than a desire toactually improve quality.[2][6] "If you just want the certificate on the wall, chances are, you will create apaper system that doesn't have much to do with the way you actually run your business," said ISO's RogerFrost.[6] Certification by an independent auditor is often seen as the problem area, and according to Barnes,
http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=72http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=73http://en.wikipedia.org/wiki/ISO_9000#cite_note-clifford-0http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon-2http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon2-3http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon2-3http://en.wikipedia.org/wiki/ISO_9000#cite_note-wade-4http://en.wikipedia.org/wiki/ISO_9000#cite_note-wade-4http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon-2http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon-2http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-henricks-5http://en.wikipedia.org/wiki/ISO_9000#cite_note-henricks-5http://en.wikipedia.org/wiki/ISO_9000#cite_note-henricks-5http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=72http://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=73http://en.wikipedia.org/wiki/ISO_9000#cite_note-clifford-0http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon-2http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon2-3http://en.wikipedia.org/wiki/ISO_9000#cite_note-wade-4http://en.wikipedia.org/wiki/ISO_9000#cite_note-seddon-2http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-henricks-5http://en.wikipedia.org/wiki/ISO_9000#cite_note-henricks-5


16/23

"has become a vehicle to increase consulting services." [2] In fact, ISO itself advises that ISO 9001 can beimplemented without certification, simply for the quality benefits that can be achieved.[7]

Another problem reported is the competition among the numerous certifying bodies, leading to a softerapproach to the defects noticed in the operation of the Quality System of a firm.Abrahamson[8] argued that fashionable management discourse such as Quality Circles tends to follow alifecycle in the form of abell curve, possibly indicating a management fad.[edit] Summary

A good overview for effective use of ISO 9000 is provided by Barnes: "Good business judgment is neededto determine its proper role for a company. Is certification itself important to the marketing plans of thecompany? If not, do not rush to certification Even without certification, companies should utilize the ISO9000 model as a benchmark to assess the adequacy of its quality programs."

Capability Maturity Model (CMM)

CMM (Capability Maturity Model) is a model of process maturity for software development - anevolutionary model of the progress of a companys abilities to develop software.

In November 1986, the American Software Engineering Institute (SEI) in cooperation with MitreCorporation created the Capability Maturity Model for Software.

Development of this model was necessary so that the U.S. federal government could objectively evaluatesoftware providers and their abilities to manage large projects.

Many companies had been completing their projects with significant overruns in schedule and budget. Thedevelopment and application of CMM helps to solve this problem.

The key concept of the standard is organizational maturity. A mature organization has clearly definedprocedures for software development and project management. These procedures are adjusted and perfected as required.

In any software development company there are standards for processes of development, testing, andsoftware application; and rules for appearance of final program code, components, interfaces, etc.

The CMM model defines five levels of organizational maturity:
http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-isosurvey-6http://en.wikipedia.org/wiki/ISO_9000#cite_note-7http://en.wikipedia.org/wiki/Quality_Circleshttp://en.wikipedia.org/wiki/Enterprise_life_cyclehttp://en.wikipedia.org/wiki/Normal_distributionhttp://en.wikipedia.org/wiki/Management_fadhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=74http://en.wikipedia.org/wiki/ISO_9000#cite_note-barnes-1http://en.wikipedia.org/wiki/ISO_9000#cite_note-isosurvey-6http://en.wikipedia.org/wiki/ISO_9000#cite_note-7http://en.wikipedia.org/wiki/Quality_Circleshttp://en.wikipedia.org/wiki/Enterprise_life_cyclehttp://en.wikipedia.org/wiki/Normal_distributionhttp://en.wikipedia.org/wiki/Management_fadhttp://en.wikipedia.org/w/index.php?title=ISO_9000&action=edit&section=74


17/23

1. Initial level is a basis for comparison with the next levels. In an organization at the initial level,conditions are not stable for the development of quality software. The results of any projectdepend totally on the managers personal approach and the programmers experience, meaning thesuccess of a particular project can be repeated only if the same managers and programmers areassigned to the next project. In addition, if managers or programmers leave the company, thequality of produced software will sharply decrease. In many cases, the development process comes

down to writing code with minimal testing.2. Repeatable level. At this level, project management technologies have been introduced in a

company. That project planning and management is based on accumulated experience and thereare standards for produced software (these standards are documented) and there is a special qualitymanagement group. At critical times, the process tends to roll back to the initial level.

3. Defined level. Here, standards for the processes of software development and maintenance areintroduced and documented (including project management). During the introduction of standards,a transition to more effective technologies occurs. There is a special quality managementdepartment for building and maintaining these standards. A program of constant, advancedtraining of staff is required for achievement of this level. Starting with this level, the degree oforganizational dependence on the qualities of particular developers decreases and the process doesnot tend to roll back to the previous level in critical situations.

4. Managed level. There are quantitative indices (for both software and process as a whole)

established in the organization. Better project management is achieved due to the decrease ofdigression in different project indices. However, sensible variations in process efficiency may bedifferent from random variations (noise), especially in mastered areas.

5. Optimizing level. Improvement procedures are carried out not only for existing processes, butalso for evaluation of the efficiency of newly introduced innovative technologies. The main goalof an organization on this level is permanent improvement of existing processes. This shouldanticipate possible errors and defects and decrease the costs of software development, by creatingreusable components for example.

The Software Engineering Institute (SEI) constantly analyzes the results of CMM usage by differentcompanies and perfects the model taking into account accumulated experienceCapability Maturity Model (CMM) - WIKKI

The Capability Maturity Model (CMM) is a service markowned by Carnegie Mellon University (CMU)and refers to a development model elicited from actual data. The data were collected from organizations

that contracted with the U.S. Department of Defense, who funded the research, and they became thefoundation from which CMU created the Software Engineering Institute (SEI). Like any model, it is anabstraction of an existing system.When it is applied to an existing organization's software development processes, it allows an effectiveapproach toward improving them. Eventually it became clear that the model could be applied to otherprocesses. This gave rise to a more general concept that is applied to business processes and to developingpeople.Overview

The Capability Maturity Model (CMM) was originally developed as a tool for objectively assessing theability of government contractors' processes to perform a contracted software project. The CMM is basedon the process maturity framework first described in the 1989 book Managing the Software Process byWatts Humphrey. It was later published in a report in 1993 (Technical Report CMU/SEI-93-TR-024 ESC-TR-93-177 February 1993, Capability Maturity Model SM for Software, Version 1.1) and as a book by the

same authors in 1995.Though the CMM comes from the field ofsoftware development, it is used as a general model to aid inimproving organizational business processes in diverse areas; for example in software engineering, systemengineering, project management, software maintenance, risk management, system acquisition, informationtechnology (IT), services, business processes generally, and human capital management. The CMM has been used extensively worldwide in government, commerce, industry and software developmentorganizations.CMM-rated organizations
http://en.wikipedia.org/wiki/Service_markhttp://en.wikipedia.org/wiki/Carnegie_Mellon_Universityhttp://en.wikipedia.org/wiki/Software_Engineering_Institutehttp://en.wikipedia.org/wiki/Software_developmenthttp://en.wikipedia.org/wiki/Software_engineeringhttp://en.wikipedia.org/wiki/System_engineeringhttp://en.wikipedia.org/wiki/System_engineeringhttp://en.wikipedia.org/wiki/Project_managementhttp://en.wikipedia.org/wiki/Software_maintenancehttp://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Information_technologyhttp://en.wikipedia.org/wiki/Information_technologyhttp://en.wikipedia.org/wiki/Service_markhttp://en.wikipedia.org/wiki/Carnegie_Mellon_Universityhttp://en.wikipedia.org/wiki/Software_Engineering_Institutehttp://en.wikipedia.org/wiki/Software_developmenthttp://en.wikipedia.org/wiki/Software_engineeringhttp://en.wikipedia.org/wiki/System_engineeringhttp://en.wikipedia.org/wiki/System_engineeringhttp://en.wikipedia.org/wiki/Project_managementhttp://en.wikipedia.org/wiki/Software_maintenancehttp://en.wikipedia.org/wiki/Risk_managementhttp://en.wikipedia.org/wiki/Information_technologyhttp://en.wikipedia.org/wiki/Information_technology


18/23

An organization may be assessed by an SEI-Authorized Lead Appraiser, and will then be able to claim thatthey have been assessed as CMM level X, where X is from 1 to 5. Although sometimes called CMM-certification, the SEI doesn't use this term due to certain legal implications.The SEI maintains a list[1] of organizations assessed for CMM since 2006.Many India based software offshoring companies were amongst the first organizations to receive thehighest CMM rating.History

The need for software processes prior to CMM

In the 1970s the use of computers became more widespread, flexible and less expensive. Organizations began to adopt computerized information systems, and the demand for software development grewsignificantly. The processes for software development were in their infancy, with few standard or "bestpractice" approaches defined.As a result, the growth was accompanied by growing pains: project failure was common, and the field ofcomputer science was still in its infancy, and the ambitions for project scale and complexity exceeded themarket capability to deliver. Individuals such as Edward Yourdon, Larry Constantine, Gerald Weinberg,Tom DeMarco, and David Parnas began to publish articles and books with research results in an attempt toprofessionalize the software development process.In the 1980s, several US military projects involving software subcontractors ran over-budget and werecompleted much later than planned, if they were completed at all. In an effort to determine why this wasoccurring, the United States Air Force funded a study at the SEI.Precursor to CMM

The Quality Management Maturity Grid was developed by Philip Crosby in his book "Quality Is Free".[2]

Note that the first application of a staged maturity model to IT was not by CMM/SEI, but rather by RichardL. Nolan, who, in 1973 published the Stages of growth model for IT organizations.[3]

Watts Humphrey began developing his process maturity concepts during the later stages of his 27 yearcareer at IBM. (References needed)The development of CMM at SEI

Active development of the model by the US Department of Defense Software Engineering Institute (SEI)began in 1986 when Humphrey joined the Software Engineering Institute located at Carnegie MellonUniversity in Pittsburgh, Pennsylvania after retiring from IBM. At the request of the U.S. Air Force hebegan formalizing his Process Maturity Framework to aid the U.S. Department of Defense in evaluating thecapability of software contractors as part of awarding contracts.The result of the Air Force study was a model for the military to use as an objective evaluation of software

subcontractors' process capability maturity. Humphrey based this framework on the earlier QualityManagement Maturity Grid developed by Philip B. Crosby in his book "Quality Is Free". [2] However,Humphrey's approach differed because of his unique insight that organizations mature their processes instages based on solving process problems in a specific order. Humphrey based his approach on the stagedevolution of a system of software development practices within an organization, rather than measuring thematurity of each separate development process independently. The CMM has thus been used by differentorganizations as a general and powerful tool for understanding and then improving general businessprocess performance.Watts Humphrey's Capability Maturity Model (CMM) was published in 1988[4] and as a book in 1989, inManaging the Software Process.[5]

Organizations were originally assessed using a process maturity questionnaire and a Software CapabilityEvaluation method devised by Humphrey and his colleagues at the Software Engineering Institute (SEI).The full representation of the Capability Maturity Model as a collection of defined process areas and

practices at each of the five maturity levels was initiated in 1991, with Version 1.1 being completed inJanuary 1993.[6] The CMM was published as a book[7] in 1995 by its primary authors, Mark C. Paulk,Charles V. Weber, Bill Curtis, and Mary Beth Chrissis.CMM is superseded by CMMI

The CMM model proved useful to many organizations, but its application in software development hassometimes been problematic. Applying multiple models that are not integrated within and across anorganization could be costly in terms of training, appraisals, and improvement activities. The CapabilityMaturity Model Integration (CMMI) project was formed to sort out the problem of using multiple CMMs.
http://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-0http://en.wikipedia.org/wiki/Edward_Yourdonhttp://en.wikipedia.org/wiki/Larry_Constantinehttp://en.wikipedia.org/wiki/Gerald_Weinberghttp://en.wikipedia.org/wiki/Tom_DeMarcohttp://en.wikipedia.org/wiki/David_Parnashttp://en.wikipedia.org/wiki/United_States_Air_Forcehttp://en.wikipedia.org/wiki/Quality_Management_Maturity_Gridhttp://en.wikipedia.org/wiki/Philip_Crosbyhttp://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-crosby79qif-1http://en.wikipedia.org/wiki/Richard_L._Nolanhttp://en.wikipedia.org/wiki/Richard_L._Nolanhttp://en.wikipedia.org/wiki/Stages_of_growth_modelhttp://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-2http://en.wikipedia.org/wiki/Watts_Humphreyhttp://en.wikipedia.org/wiki/Software_Engineering_Institutehttp://en.wikipedia.org/wiki/Carnegie_Mellon_Universityhttp://en.wikipedia.org/wiki/Carnegie_Mellon_Universityhttp://en.wikipedia.org/wiki/Pittsburgh,_Pennsylvaniahttp://en.wikipedia.org/wiki/Philip_B._Crosbyhttp://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-crosby79qif-1http://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-crosby79qif-1http://en.wikipedia.org/wiki/Capability_Maturity_Model#cite_note-3http://en.wikipedia.org/wiki/Capability_Maturity_Model#c

U III Quality Assurance Models

Documents

Transcript of U III Quality Assurance Models