ISO 9001 GUIDANCE DOCUMENT

QUALITY MANAGEMENT SYSTEM

©DNV Business Assurance. All rights reserved

 OVERVIEW OF ISO 9001’S STRUCTURE

4.1 General 4.1

requirements

4.2 Documentation 4.2.1 General

Requirements 4.2.2 Quality Manual
4.2.3 Control of Documents
4.2.4 Control of Records

5. Management 5.1 Management Commitment

Responsibility 5.2 Customer Focus
5.3 Quality Policy
5.4 Planning
5.4.1 Quality Objectives
5.4.2 Quality Management System Planning
5.5 Responsibility, Authority and Communication
5.5.1 Responsibility and Authority
5.5.2 Management Representative
5.5.3 Internal Communication
5.6 Management Review
5.6.1 General
5.6.2 Review Inputs
5.6.3 Review Outputs

6. Resource 6.1 Provision of Resources

Management 6.2 Human Resources
6.2.1 General
6.2.2 Competence, Training and Awareness
6.3 Infrastructure
6.4 Work Environment

7.1 Product 7.1 Planning of Product Realisation

Realisation 7.2 Customer Related Processes
7.2.1 Determination of Requirements Related to the Product
7.2.2 Review of Requirements Related to the Product
7.2.3 Customer Communication
7.3 Design and development
7.3.1 Design and Development Planning
7.3.2 Design and Development Inputs
7.3.3 Design and Development Outputs
7.3.4 Design and Development Review
7.3.5 Design and Development Verification
7.3.6 Design and Development Validation
7.3.7 Design and Development Changes
7.4 Purchasing
7.4.1 Purchasing Processes
7.4.2 Purchasing Information
7.4.3 Verification of Purchased Product
7.5 Production and Service Provision
7.5.1 Control of Production and Service Provision
7.5.2 Validation of Processes for Production and Service Provision
7.5.3 Identification and Traceability
7.5.4 Customer Property
7.5.5 Preservation of Product
7.6 Control of Measuring and Monitoring Equipment

8. Measurement, Analysis 8.1 General

and Improvement 8.2 Monitoring and Measurement
8.2.1 Customer Satisfaction
8.2.2 Internal Audit
8.2.3 Monitoring and Measurement of Processes
8.2.4 Monitoring and Measurement of Product
8.3 Control of Nonconforming Product
8.4 Analysis of Data
8.5 Improvement
8.5.1 Continual Improvement
8.5.2 Corrective Action
8.5.3 Preventive Action

©DNV Business Assurance. All rights reserved

ISO 9001 - QUALITY MANAGEMENT SYSTEMS
4.1 General requirements
The specification of the Standard starts at
section 4. The general requirements outline the
basic requirements for a Quality Management
System (QMS). The aim is to develop a QMS
that will achieve the business quality objectives
through understanding processes, ensuring
that they are effective, providing resources and
implementing actions to achieve continual
improvement.
Any process that is outsourced (or
subcontracted) needs to be identified in the
QMS and controlled. Examples of this can
include the manufacture of components and
the maintenance of process equipment and
infrastructure. Organisations cannot simply pass
activities on to subcontractors or suppliers and
not exert some control over them.
4.2 DOCUMENTATION REQUIREMENTS
4.2.1 General
QMSs are sometimes perceived as being large
collections of documents and bureaucratic.
DNV would argue that this scenario is the result
of poor implementation of ISO 9001. Think of
ISO 9001 as a risk management standard: Based
on your understanding of the business, what are
the critical points that need managing to ensure
that your customers remain satisfied? Where are
your “pinch-points”, what controls are needed to
ensure that the product (or service) meets your
customer’s requirements? Obviously this is very
different for each business.
This section of ISO 9001 outlines the QMS
documentation required. Whilst some
documentation is mandatory, there is a
great deal of flexibility to deciding what
documentation is needed to ensure adequate
planning, operation and control of processes.
©DNV Business Assurance. All rights reserved
This greatly depends upon the size of the
organisation, its activities, the complexity
of processes and their interactions and the
competencies of personnel. Remember
there is a balance between competency and
documentation: If staff are 100% competent
based on education, training and experience,
then this could reduce the amount of
documentation and procedures needed.
4.2.2 Quality Manual
A Quality Manual must be produced. It should
provide an overview of the management system
and allow users to find information (i.e. by
providing direction to related documentation).
There is no defined format for a Quality
Manual, but it must contain; the scope of the
QMS (e.g. the manufacture of wooden doors
or provision of management consultancy
and advice), including justification for any
exclusions (e.g. if there is no design process);
documented procedures (or reference to them)
and a description of process interactions (e.g.
an in-sequence flow chart of the quality system
processes).
It should be noted that outsourcing an activity is
not justification for exclusion. The organisation
is still responsible for the results and must place
controls on such an activity.
4.2.3 Control of Documents
QMS documentation needs to be controlled
to ensure that current versions are used.
This includes documents received (e.g.
specifications) as well as documents produced
internally. The aim is to ensure that the right
document is in the right place at the right time.
Control should ensure that those reviewing
documents are competent and that revision
status is identified and traceable. Distribution
should ensure that those that need the
documents have access to them, and that
obsolete documents are dealt with correctly (i.e.
removed from the point of use or maintained
for “information purposes only”).
The Standard requires that there is a
documented procedure in place to cover
document control processes covering issues such
as review and approval, distribution and recall.
Some organisations also prepare a master list of
all documentation and a revision history, but this
is not a requirement of ISO 9001.
 
4.2.4 Control of Records
Records provide evidence of conformance.
They can be related to the product, process
and/or system and can be paper or electronic.
Forms, once complete, often become records
(e.g. checklists, inspection reports, product tests
etc.).
It is up to the organisation to determine the
records it needs to demonstrate product/service
conformance and for how long they should
be retained. Businesses, however, should be
mindful that record retention requirements can
be specified in contracts or legislation.
Plan
5 MANAGEMENT RESPONSIBILITY
5.1 Management commitment
No system will achieve its true potential without
the commitment of top management. Evidence
is required to demonstrate such commitment,
particularly with regard to the development,
implementation and improvement of the
management system. Commitment can be
demonstrated through creating a quality
culture, providing clear direction, ensuring
the availability of adequate resources, setting
improvement objectives and reviewing progress
©DNV Business Assurance. All rights reserved
(e.g. during the management review process).
5.2 Customer Focus
Without knowing what customers want, how can
a business be expected to deliver?
The aim of this requirement is to fully
determine market/customer needs and
expectations. This information then acts as an
input into determining strategy, which in turn
provides direction and facilitates development
of a management system capable of satisfying
the targeted market or customer. This is an
on-going process, which can be achieved by
many different means. Whilst not specified in
ISO 9001, documents/records could include
market surveys, customer meeting minutes,
questionnaires and other areas of research.
5.3 Quality Policy
The Quality Policy is an important document
because it acts as the driver for the organisation.
It provides the direction and formally establishes
goals and commitment. Top management
should ensure that the policy is appropriate and
not a bland statement that could apply to any
business. It should provide clear direction to
allow meaningful objectives to be set in-line with
it. The Policy needs to be communicated to all
employees and they need to understand the part
they have in its deployment.
 
5.4 PLANNING
5.4.1 Quality Objectives
As part of the planning process, top
management needs to set quality objectives
which will help to turn the Quality Policy into
reality. Objectives, should be consistent with
the Quality Policy and be capable of being
measured.
There are many different types of objectives that
could be considered: market position and/or
growth, process effectiveness and/or efficiency,
improved awareness levels, maintenance of
present position, reduction in quality costs,
improvements in product conformity/reduction
in defect rates, improved customer satisfaction
etc. The objectives need to be deployed
throughout relevant parts of the organisation
and must be meaningful to those who are
assigned responsibility for achieving them
and those whose activities contribute to their
achievement. They should also be measurable.
Objectives must be documented and there will
need to be evidence regarding monitoring of
achievement.
5.4.2 Quality Management System Planning
Having established the quality objectives, the
organisation must plan how they are going to
be achieved. This could involve determination
of structure, roles, responsibilities, processes,
resources, information, communication etc.
Planning should be consistent with the systems
approach. A business is dynamic and there may
need to be change management processes in
place to ensure that the integrity of the system is
not impacted.
Plan
5.5 RESPONSIBILITY, AUTHORITY AND
COMMUNICATION
5.5.1 Responsibility and Authority
For a system to function effectively, those
involved need to be fully aware of their
role. Top management must ensure that
key responsibilities and authorities are
clearly defined and that everybody involved
understands what their role. Defining roles is
a function of planning, ensuring awareness can
©DNV Business Assurance. All rights reserved
then be achieved through communication and
training.
It is common for organisations to use
job descriptions or procedures to define
responsibilities and authorities.
5.5.2 Management Representative
In any management system there is a need to
channel information. This could be the primary
role of the management representative (MR). It
is not the responsibility of the MR to implement
the system, but to ensure implementation and
provide feedback on performance.
5.5.3 Internal Communication
Effective communication is essential for a
management system. Top management need
to ensure that mechanisms are in place to
facilitate this. It should be recognised that
communication is two-way and will not only
need to cover what is required, but also what
was achieved. In other words, what was planned
and what was achieved? Mechanisms for
communication could include: meetings, notice
boards, in-house publications, awareness raising
seminars, toolbox talks, intranet, email, etc.
5.6 MANAGEMENT REVIEW Check
5.6.1 General
The main aim of management review is to
ensure the continuing suitability, adequacy and
effectiveness of the quality management system.
Only through conducting the review at sufficient
intervals, providing adequate information and
ensuring the right people are involved can this
aim be achieved. ISO 9001 details the minimum
inputs to the review process. Top management
should also use the review as an opportunity to
identify improvements that can be made and/or
any changes required, including the resources
needed.
5.6.2 Review Input
The input to management review shall include
information on:
a. results of audits,
b. customer feedback,
c. process performance and product conformity,
d. status of preventive and corrective actions,
e. follow-up actions from previous management
reviews,
f. changes that could affect the quality manage-
ment system, and
g. recommendations for improvement.
5.6.3 Review Output
The output from the management review shall
include any decisions and actions related to:
a. improvement of the effectiveness of the quali-
ty management system and its processes,
b. improvement of prod related to customer
requirements, and
c. resource needs.
Records of the management review are required
to be maintained. This will usually be in the
form of meeting minutes, but could also be
in the form of a report, notated with required
actions after its review (as the management
review process does not necessarily have to be a
meeting).
Plan
6 RESOURCE MANAGEMENT
6.1 Provision of Resources
An effective quality management system
cannot be maintained or improved without
©DNV Business Assurance. All rights reserved
adequate resources. As a function of planning,
such resources should be determined and
provided. This includes contract or project
specific resources. ISO 9001 puts resources
into the following three categories: human,
infrastructure, and work environment.
6.2 HUMAN RESOURCES
6.2.1 General
The main intention behind this general
requirement is that the people working within
the quality management system are competent
to fulfill their duties.
6.2.2 Competence, Training and Awareness
In order to determine competence, competence
criteria need to be established for each function
affecting quality. This can then be used to
assess existing competence and determine
future needs. Where criteria are not met, some
action is required to fill the gap. Training or
reassignment may even be necessary. Personnel
need to be made aware of the relevance of their
activities and how they contribute to the quality
objectives. Induction programmes and staff
reviews are often used for this purpose.
Records are required to be able to demonstrate
competence. Recruitment and induction
programmes, training plans, skills tests and
staff appraisals often provide evidence of
competence and their assessment. Competency
requirements are often included in recruitment
notices and job descriptions.
Plan
6.3 Infrastructure
There must be adequate provision of
infrastructure such as buildings, equipment,
IT systems, transport, etc. Determining what
is needed and what maintenance programme any combinations of these. Planning should also
should be developed to ensure its continuing consider and define what records will be needed
capability is part of planning. to demonstrate compliance.

6.4 Work Environment Where a certain activity is not undertaken and

The work environment of an organisation
has many human and physical factors that
can influence quality, effectiveness and
efficiency. These factors need to be identified
and managed and can include: protective
equipment, ergonomics, heat, noise, light,
hygiene, humidity, vibration, temperature etc.
The relevant factors are obviously different for
each product or service. An example of a work
environment issue could be control of humidity
in a paint shop.
not necessary to fulfill requirements, (e.g. where
there is no design) the respective requirements
of ISO 9001 be excluded as long as it has been
documented as being an exclusion.
Do
7.2 CUSTOMER RELATED PROCESSES
7.2.1 Determination of Requirements Related to
the Product

There must be a process to ensure that the

There are no specific documentary
needs and expectations of customers (and their
requirements required by ISO 9001, but
requirements) are determined. This should
work environment criteria are often found in
include the determination of the intended
procedures, contracts, specifications and codes
product use and any statutory requirements that
of practice. Evidence of compliance should be
apply to the product in its intended market.
available via records.
Only once all requirements are identified can
they be reviewed.
Do
7.2.2 Review of Requirements Related to the
Product
7 PRODUCT REALISATION
In previous versions of ISO 9001, this used
7.1 Planning of Product Realisation
to be referred to as “contract review”. Once
determined, requirements need to be reviewed
Product realisation processes are a sequential
by the organisation prior to any commitment
series of processes which determine product/
to supply to ensure that they are understood,
service requirements and convert them into a
that any anomalies are resolved and that
product/service that meets requirements. They
the organisation has the ability to meet the
are sometimes referred to as “core business
requirements. There are numerous incidents of
processes”, but they are reliant on other
offers being made and orders accepted without
processes, often referred to as support processes
fully understanding whether the business can
(e.g. training, documentation, maintenance
meet the contract and has the capability to
etc.).
deliver. Examples of input documentation
could be: enquiries, contract specifications
The output of planning should be in the form
and clarifications, whilst examples of output
most suitable for the organisation. This could
documents could be offers, tenders and
be in the form of drawings, specifications,
contractor proposals.
procedures, method statements, quality plans or

©DNV Business Assurance. All rights reserved

7.2.3 Customer Communication
Communication needs to be planned to ensure
that all necessary information is available
when needed, from both external and internal
sources. This could also include feedback from
the customer, which is further discussed under
the heading of customer satisfaction.
Communication documents/records are not
specified by ISO 9001, but typically they can
include contracts, specifications, drawings,
e-mails, letters, transmittals, meeting minutes,
complaints etc.
Do
7.3 Design and Development
For many organisations, this section of ISO 9001
is not relevant and can be “excluded”.
7.3.1 Design and Development Planning
There must be a systematic approach to
controlling design activities and product
development. This will involve design planning,
which should include stages of design, review,
verification and validation activities. Although
not required by ISO 9001, a common document
produced is a design plan, which outlines how
the design will be managed throughout the
design process.
7.3.2 Design and Development Inputs
Design and development inputs can include
customer specifications, statutory requirements,
information from previous designs, budgetary
considerations etc.
7.3.3 Design and Development Outputs
Each organisation should decide how the
design is developed but the output needs to be
verified against the design input requirements.
Therefore, the output needs to be in a format
©DNV Business Assurance. All rights reserved
that will enable verification. Typical outputs
include drawings, specifications, instructions,
schedules, user manuals etc.
7.3.4 Design and Development Review
Review of the design should be undertaken
at planned stages to ensure that the design
is satisfactory and to trigger solutions to any
problems encountered. Results of design
reviews and necessary actions need to be
recorded. Typically these could include meeting
minutes, altered drawings, sketches, approval
documents etc.
7.3.5 Design and Development Verification
Verification is basically a process whereby the
design is checked to ensure that what has been
designed meets the input requirements. For
example, checking design calculations to ensure
that an air conditioning unit has the desired
capacity. The results and any actions required
as a result of the verification process must
be recorded. Typically these could include
alternative calculations, approvals, comparison
reports etc.
7.3.6 Design and Development Validation
Validation needs to be performed to ensure
that the product can meet the basis of its
design. For example, testing a prototype
air conditioning unit to ensure it can hold
the desired temperature under the defined
operating conditions before mass production
commences. Validation should, where possible,
be completed prior to delivery. Results of the
validation process and any actions need to be
recorded. Typically these could include test
results, prototype feedback, user testing etc.
7.3.7 Control of Design and Development
Changes
Changes to design requirements can come at
any time and as a result of many factors. They
can also significantly impact on the design
in progress. Any resulting changes in design
must be reviewed, verified and validated where
necessary. Design changes need to be identified,
documented and recorded.
7.4 PURCHASING
Do
7.4.1 Purchasing process
The main aim of this requirement is to ensure
that the purchased products or services you
require (e.g. components for your product)
will ensure that you can meet your customer’s
requirements. As a first step it is necessary
to have confidence in the entity supplying
the product or service and some form of
evaluation process should be in place. This
evaluation process should be flexible, as not
all suppliers have the same impact on the final
product/service. The criteria for selection,
evaluation and re-evaluation of suppliers must
be determined. Controls could then be put
in place based on the results of the evaluation
and the relative impacts they could have (risk
management).
Suppliers need to be re-evaluated periodically
which can be an on-going process. The results
of supplier evaluation and re-evaluation need
to be maintained and could be in the form of
references, trial orders, product specifications,
audit results, performance data, defect rates
etc. Whilst not required by ISO 9001, some
organisations compile an approved supplier list
for easy reference.
7.4.2 Purchasing Information
A second step to ensuring that purchased
product meets requirements is to provide all the
necessary information. Your supplier should
not have to second guess what is needed and
clarity is essential, not just in terms of product
specification but also in terms of operator
©DNV Business Assurance. All rights reserved
qualification, quality control, quality assurance,
documentation, delivery times etc. The
purchase requirements should also be checked
for adequacy before they are communicated
to your supplier. Typical documentation could
include supplier quotations, purchase orders,
contracts and associated review records.
7.4.3 Verification of Purchased Product
A third step is the verification of the product
or service that you have procured. This could
be done by various means at the pre-shipment
stage or upon receipt. For example, receiving
inspection or test records, or through verifying
a certificate of product conformance. Some
organisations undertake audits of their key
suppliers or witness Factory Acceptance Tests.
Do
7.5 PRODUCTION AND SERVICE PROVISION
7.5.1 Control of Product and Service Provision
This requirement is aiming to ensure that your
production activities and operations are planned
and then conducted in a manner ensuring
control. This can also include operations at the
customers’ premises, such as installation.
There are many different ways to achieve control
and methods can include controlled processes,
procedures, drawings, specifications, work
instructions, quality plans, operating and process
criteria.
7.5.2 Validation of Processes for Production and
Service Provision
This requirement applies to products that
cannot be truly verified until they are in use
(e.g. a match – as the only effective way to test
whether a match will work is to strike it!). A
business must have confidence in the ability
of its process to consistently deliver and meet
customer expectations. Processes may also
need re-validation from time to time because
conditions, people and materials can change.
Process validation records are required and may
consist of records of operator qualifications,
materials used, equipment used, methods used,
the work environment etc.
7.5.3 Identification and Traceability
In almost all organisations there is a need
to formally identify product or service and
determine its status or level of readiness at any
given point in time. There may also be the
need to trace a product or service (e.g. for legal
requirements). The main aim is to be able to
prevent incorrect use of suitable products or
prevent or limit the use of unsuitable products.
In some industries traceability is a requirement
throughout processing and beyond to assist
in the event of recall. In such cases unique
identification of the product needs to be
controlled and recorded. There are many
different ways to identify and trace products/
services such as: batch numbers, production
dates, inspection reports, colour coded labels,
designated storage locations, packaging bar
codes, service reports, job numbers, project/
report numbers, part numbers, configuration
information etc.
7.5.4 Customer Property
Some organisations use products or intellectual
property (e.g. patents) provided by customers.
If so, then it is necessary to ensure that what
has been provided is suitable for the intended
application and thereafter is used properly
and protected against loss or damage. To
support this, there could be records of receipt,
inspection, use, loss, damage or return.
7.5.5 Preservation of Product
All products need to be preserved - from raw
10
©DNV Business Assurance. All rights reserved
materials during receipt, storage and processing
to finished product up to the point of delivery.
The aim is to ensure continued suitability for
use. In the service industry this could also
include the preservation of data or reports on
electronic media.
When planning preservation of products,
there should be consideration of the needs of
customers, regulators as well as identification,
handling, packaging, storage and protection
requirements. The type of product will naturally
dictate the infrastructure and controls necessary.
Frozen food, for example, will require cold
storage and be governed by regulation, whereas
other products may just need protection from
direct sunlight.
Documentation may include storage procedures
and criteria, records of receipt and issue,
records to demonstrate legal compliance, expiry
dates, damaged or lost goods, returns etc.
Do
7.6 Control of Monitoring and Measuring
Equipment
The main aim of this requirement is to ensure
that critical measuring equipment is available
and in a known state of accuracy to provide
assurance and evidence that products meet
their relevant requirements. This also includes
software.
The organisation must determine what
monitoring and measuring has to be undertaken
and provide evidence that it was undertaken
using correct and reliable equipment. Regular
calibration and maintenance (and records) is
one way to provide confidence that results are
reliable.
 Do
8 MEASUREMENT, ANALYSIS AND IMPROVEMENT
8.1 General
When developing a system it is necessary to plan
what needs to be measured and how the results
will be used to identify where improvement is
required. This is an essential part of a Plan-
Do-Check-Act cycle. The focus should be on
the critical elements of the product or service
delivery process.
8.2 MONITORING AND MEASUREMENT
8.2.1 Customer Satisfaction
Customer feedback is one very good indicator of
management system and business performance.
There are many ways to capture feedback and
businesses should think wider than just using
questionnaires or complaints. For example,
other methods include interviews, customer
meetings and market surveys. The aim is to
monitor information that will help understand
customer perception of the product/ service
and to facilitate analysis to improve satisfaction.
8.2.2 INTERNAL AUDIT
Internal audits are a key element of ISO 9001
and are seen as a key element in helping
to assess the effectiveness of the quality
management system. There needs to be a
documented internal audit procedure and
an audit programme needs to be established
to ensure that all processes are audited at the
required frequency, the focus being on those
most critical to the business. To ensure that
internal audits are consistent and thorough,
a clear objective and scope should be defined
for each audit. This will also assist with auditor
selection to ensure objectivity and impartiality.
To get the best results, auditors should have a
working knowledge of what is to be audited, but
©DNV Business Assurance. All rights reserved
they should not audit their own work.
Management must act on audit results. This
is often limited to corrective action relating to
any nonconformities that are found, but other
findings can also be used to trigger prevention
and improvement. Follow up activities should
be performed to ensure that the action taken as
a result of an audit is effective.
8.2.3 Monitoring and Measurement of Processes
It will be necessary to monitor and in some cases
measure individual processes. When a process
is planned it should have a clear objective or
purpose. The main purpose of monitoring
or measuring the process is to determine if
it is achieving its objectives. There are many
different ways to monitor or measure a process:
cycle times, waste levels, rejects, costs, variability
etc. Obviously the most suitable measures should
be selected. Where the process is not effective,
appropriate action should be taken.
8.2.4 Monitoring and Measurement of Product
The organisation must monitor and measure
the characteristics of the product to verify that
product requirements have been met and
evidence of conformity with the acceptance
criteria must be maintained. Records must
indicate the person(s) authorising the release of
product for delivery to the customer.
Check
8.3 Control of Nonconforming Product
This requirement is intended to ensure that
nonconforming product is prevented from
further processing, use or delivery. Once
identified, and regardless of when identified
(e.g. during processing or after delivery) any
nonconforming product should trigger a process
whereby an authorised and competent person
should decide what course of action is to be
taken. Options can include scraping, supplying
under concession, alternative uses, product
rework or recall. A documented procedure
is required to control the process of handling
nonconforming product.
8.4 Analysis of Data Check
Collection and analysis of relevant data is
necessary to measure the suitability and
effectiveness of the management system and
to identify opportunities for improvement.
Business goals and objectives should considered
when deciding what to analyse.
Methods of analysis vary greatly in terms of
applicability and complexity. Simple bar
charts are sufficient for some activities whereas
Statistical Process Controls are necessary for
others. The methods selected should only be
as complex as needed. As a minimum, analysis
should be performed in relation to customers,
product conformance, processes and supplier
performance.
Act
8.5 IMPROVEMENT
8.5.1 Continual Improvement
One of the aims of any organisation should
be to improve and this is a key tenet of ISO
9001. There are many ways to identify and drive
improvement. All measurement results can be
analysed to determine where improvement is
required or desired. Policy and objectives can
then be set and deployed through prevention
and improvement programmes.
Improvement does not have to take place
12
©DNV Business Assurance. All rights reserved
in all areas of the business at the same time.
Focus should be relevant to risks and benefits.
Improvement can be incremental (small
changes) or breakthrough (new technology). In
reality both methods will be used at some point
in time.
8.5.2 Corrective Action
The main aim of the corrective action process
is to eliminate the causes of actual problems
so as to avoid recurrence of those problems.
It is a reactive process, in that it is triggered
after an undesired event (e.g. discovery of
nonconforming product). In essence, the
process uses the principles of root cause analysis.
A basic approach to problem solving is “cause”
and “effect”, and it is the cause that needs to be
eliminated. Action taken should be appropriate
to the impact of the problem (risk). As part of
the corrective action process, the effectiveness
of action taken must be checked to ensure it is
effective.
It is worth noting that corrective action alone
will not bring about improvement in the quality
management system. It merely brings the
control level back to where it should have been
before the nonconformance occurred.
8.5.3 Preventive Action
This clause of ISO 9001 has a similar set of
requirements to the above, but now of deals
with potential problems rather than actual ones.
It is accepted that this is a harder element of
ISO 9001 for organisations to fully understand
and implement, but the results can be quite far
reaching.
A documented procedure for both Corrective
and Preventive Action (which can be combined
into a single procedure) and the results of
action taken must be recorded.
©DNV Business Assurance. All rights reserved