Ep 6: ISO Quality Management Systems

ISO: Section 4 and Section 5

The ISO standard is structured so that the first section with required actions is section 4, titled the context of the organization. 

This section addresses the background information leading to the establishment of the quality management system. 

Along with leadership requirements found in section 5, these first sections establish in writing why the quality management system is developed for each organization, as well as who leads the quality management system, and lastly, it requires the creation of the quality policy governing the quality management system within the organization. 

In our previous episodes of this series we discussed that there are no requirements for defining a quality department or even a quality manager, and what we see in the first two sections of the ISO code is simply that the individuals at the highest levels of the organization need to determine who should lead the program, who reports to them, and how this structure addresses the quality needs and requirements. 

Kellerman Consulting strongly recommends that careful consideration is given to what the critical quality measurements and key performance indicators should be and whether a quality control department, quality assurance department or a combination of the two is best to set up as part of developing the structure of the ISO quality management system.

ISO: Risk and Opportunities

Once the context of the quality management system for the organization has been established to meet the requirements section 4, and leadership,  organizational structure and a quality policy has been developed to address the requirements in section 5, we need to turn our attention to the planning of the quality management system. 

The three areas of planning required by the ISO code in section 6 are risk and opportunities, quality objectives, and management of change. 

Starting with the determination of the risks and opportunities can be accomplished through established business techniques like SWOT analysis, aspects and impacts planning, 1 year, 3 year and 5 year business plans.

Assessing regulatory and safety requirements, performing market research and communicating with strategic partners or industry trade organizations may be very helpful as part of performing the planning actions. 

Each product and service within the quality management system needs to be included in these planning actions, and members of leadership, operations and quality need to be assigned tasks that address the results of planning based on determined risks and opportunities. 

ISO: Quality Objectives 

Beyond risks and opportunities for the organization, section 6 of the ISO code requires that quality objectives be determined. Here we can directly tie-in the critical quality metrics and key performance indicators we have covered previously.

When the organization is determining what the quality objectives are, both the leadership discussions leading to the establishing of the objectives, as well as the metrics and performance indicators themselves should be recorded as ready to present to an auditor.

 The most important thing to remember when setting these objectives is that they need to be clearly defined actions with measurable results. 

Vague objectives like being the best in our industry, or always putting the customer first are very nice sentiments, but are not effective drivers of decision making for a quality management system. 

We recommend more than 1 critical quality metric assessed for product or services for the organization. 

Additionally, we recommend more than 1 key performance indicator assessed for the organization itself. 

ISO:  Section 7

The ISO requirements found in section 7 and section 8 address the operational actions for the quality management system, and are the results of the big picture actions found in sections 4, 5, and 6. 

We should have settled on the basic structure including deciding on the personnel to be involved  in managing the ISO program, critical quality metrics, key performance indicators and the direction we intend for operations and quality to move as the company adjusts. 

In day-to-day functioning of the quality management system, we need to assure proper resources for operations and quality, and we need to write the program itself and train personnel in properly carrying out the programs for products and services. 

As we mentioned previously, one of the core tenets of an ISO is communication within an organization and externally with critical entities for carrying out the quality program, it is here that those requirements are established. 

In order to properly communicate the ISO quality management system and quality program, we need to have written standard operating procedure documents for how to perform tasks in operations, monitoring records for critical quality metrics and key performance indicator data.

As we develop these documents care created, the ISO program requires that a document control system is in place that gives each document a unique identifier, and that a up to date list 

Once these documents are written, we also need to properly train operations and quality personnel on these policies and procedures, and further evaluate trained personnel to confirm that the training was effective. 

ISO: Section 8

As we move to section 8 of the ISO standard, we have come to the most elaborate and complex part of the code, which addresses the operational specifics for the quality management system. 

The determination of whether we have a quality control based system to manage our ISO requirements, or whether we focus on a quality assurance based system should have been established at this point in the development of the QMS, and the specific means by which the quality personnel interact with operations on an ongoing basis must be clear as we finalize our operational planning in this section.

In order to meet the requirements of section 8, we need to have operational manuals that address the entire production or service rendering process. 

We also need to have the measuring and monitoring processes in place each day and shift of operations for the ISO program. 

Those may be electronic records or hand written records for sign offs, checks, sampling, testing and other means of evaluating the functioning of the system to prove we are following the operations manual requirements. 

Each critical quality metric needs to have clear instructions as part of the operations or quality manual, and needs to have a dedicated recording process with clear instructions to the person recording on what they are documenting and how to properly assess conformance or deviation. 

ISO is very specific in the how the organization develops and designs products and services, how it assesses externally provided resources and equipment, how product and services are released after quality assessment is completed and how to handle operational defects or non-conformances, so it is very important that personnel responsible the ISO program review this section carefully to make sure that all of the operational requirements are fully addressed by the quality management system. 

ISO: Section 9 and 10 

The last two sections of the ISO standard focuses on review and analysis of the program. 

For quality management systems that include a laboratory or testing area, a manual for operations should be in place to meet section 9 requirements. 

If the organization utilizes statistical process controls, these should be documented through standard operating procedures and assigned to operations, quality control or quality assurance personnel. 

For other types of quality management systems that do not have clear laboratory or statistical process control requirements, some sort of evaluation must be established that performs an equivalent function. 

This means performing documented reviews, operational records, and indicating that operations conformed or did not conform with planned results.  

In addition to these evaluations and analysis, internal audit of the entire system to the ISO code and management review of the program must be conducted at least every year and the results must be reported to top management. 

After analysis, internal audit and management review are completed, the results must be considered from the standpoint of ongoing improvement, and those improvements must be drivers of changes to operations and quality going forward.