
The following application article highlights what it takes to implement
an ISO 9000 quality management system. It covers the basics of assigning
a Project Leader, documenting the applicable processes, contacting the certification
body, and surviving an external audit. A short sidebar at the end provides
addresses of key organizations that can provide more information, such as
NIST and ANSI.
Now that you have decided to implement the International Organization for
Standardization (ISO) 9000 requirements within your organization, are you
wondering how to do it? You've got all the literature. You've attended lectures.
You've called in consultants to discuss what needs to be done. But none
of the information is specific. It doesn't say exactly what to do, just
that you need to meet the requirements. Frustrated? You're not the first.
The key to approaching ISO 9000 certification is to understand that it focuses
on documentation. In a nutshell, it requires that you document all quality
system processes related to the twenty ISO specifications. You probably
already have most of this information written down somewhere. Now you need
to put it into a consistent format that gets reviewed, updated, and maintained
on a regular auditable basis.
Whether you are involved in semiconductors or software, the process is the
same. Production planning procedures occur no matter what industry you are
in. Test and measurement equipment calibration requirements cut across industry-specific
processes. The challenge is to interpret the requirements based upon your
organization's unique structure.
Why is ISO 9000 Certification So Important?
ISO 9000 does more than control product quality: it will be the ticket to
success in the '90s. "ISO certification is necessary to compete on
the global market," explains Ed Stone, Director of Customer Satisfaction
for Varian Associates (Palo Alto, CA). "It forces us to establish policies,
to maintain good controls over all our practices, and to be consistent from
design through production."
No one wants to sign a vendor who doesn't scrutinize and monitor the quality
of their product. In order to assess the quality of a vendor's quality program,
however, a standard needs to be applied. ISO 9000 sets that standard. Without
ISO certification, companies will not be invited to compete for large accounts.
Large accounts that can make or break a corporation's balance sheet. As
a result, company-wide ISO 9000 certification will be a major factor for
many organizations over the next decade.
Assign a Project Leader
One of the first steps you need to take is to ensure that all senior managers
are directly involved in the program and that they form your core ISO 9000
task force. Next, assign an ISO 9000 Project Leader to manage the overall
project, set meeting dates, interact with the ISO auditors, and keep everyone
on track.
You may decide to have each department assign a writer from existing staff.
That person needs to assemble all the existing documentation and interview
other staff before writing the procedures. Many companies opt to hire a
freelance writer to work directly with all levels of staff within the organization.
This is sometimes the optimal choice since it ensures document consistency
across the departments from the beginning, while keeping the additional
workload on in-house staff at a minimum.
The Project Leader needs to delegate or take on the responsibility of being
an internal auditor. Because of the way the ISO standards are worded, it's
best to receive external training for this requirement. There are many seminars
and courses available. In fact, you probably need a team of at least two
to three internal auditors who will continue to check and track ISO implementation.
Leverage the Experience of Others
If you have other divisions in your company who have undergone ISO 9000
certification, invite them to one of your initial meetings to discuss what
they learned. If you're starting from scratch, invite representatives from
other companies who have undergone ISO certification. Learn as much as possible
from others about what to expect. You may be able to duplicate the style
of another set of manuals, but your contents will be unique to your organization.
Discussing ISO requirements with others helps you learn some of the pitfalls
to avoid.
That's the most frustrating aspect about ISO 9000 documentation: no two
companies can or will approach it in exactly the same way. In fact, divisions
within the same company will create different solutions that work. For example,
Varian's Oncology Systems business unit, which is ISO-certified in both
England and the United States, has separate sets of manuals for both operations.
In turn, their manuals are completely different from those of one of the
smallest business units -- Varian's Sample Preparation Products (VSPP) --
where the emphasis is on assembly rather than manufacture. In essence, you
can leverage the experience of a different business unit or organization,
but each unit will devise an individual approach to solving the challenge.
Three Levels of Documentation
Because of the nature of the standard, and because each organization has
different processes and applications, there is no boilerplate. What the
ISO auditor looks for is a consistent response that satisfies the requirements.
The best approach is to keep your documentation as simple as possible.
There are three basic levels of documentation required. The first level
is a policy manual that highlights your organization's quality policy. The
second level is a set of procedures manuals for each department which define
how different tasks are handled within that department. The third level
is a set of work instructions for each procedure. For instance, if the procedure
covers the assembly of a widget, who is responsible for that widget, and
how the documentation for that widget is handled, then the work instruction
details the exact order in which that widget is assembled.
Each level of documentation must interlock with every other level and every
other manual. If the policy manual states that the Manufacturing Manager
is responsible for ensuring the quality of the widgets, the Manufacturing
Procedures must back up that statement with a procedure showing how that
quality is attained. If this is through an in-process test, then a Manufacturing
Work Instruction needs to detail the step-by-step testing process.
To meet ISO requirements, you will create new procedures. While many of
the necessary procedures are already in place, you'll need to commit to
paper processes that previously were "handshake agreements" between departments.
The ISO auditor must see it in writing and he must see it in practice.
Expect to spend six months to a year, depending on the size and complexity
of your organization, assembling and writing the documentation prior to
the pre-assessment audit. About 60% of the work spent meeting the ISO requirements
is spent updating old procedures, with 20% consolidating existing procedures,
and another 20% creating new ones.
Contacting the Certification Body
In the beginning stages of the process, you need to contact a certification
body and negotiate a contract. Once this is complete, the policy manual
is submitted to the certification body when your organization is ready to
initiate the certification process. At that time, a pre-assessment audit
date is set. Generally, the final audit is scheduled roughly six months
after the pre-assessment audit to enable the organization to change, modify,
or implement any nonconformances and establish a paper trail for such issues
as equipment calibration and corrective action.
Organizations who have undergone ISO certification agree that the most difficult
aspect of the process is determining what is required. Because the ISO process
is so new, and the structure is open to individual interpretation, you may
find it difficult to determine whether you have actually met the requirements.
Therefore, a pre-assessment audit is advised.
Preparing for the pre-assessment audit includes internal audits. At VSPP,
this took the form of departmental self-audits followed by the appointment
of two internal auditors who performed unit-wide audits of each and every
procedure.
The process is too complex and too much of a long-term commitment to attempt
to leap to final certification without the interim step of a pre-assessment
audit.
Even a small organization needs to address the twenty required elements.
A larger organization simply has larger manuals. A pre-assessment audit
ensures that any incomplete procedures or nonconformances missed by your
internal auditors are uncovered early. It gives you a chance to correct
them without penalty before the clock starts ticking.
Undergoing an ISO Audit
Depending on the size and complexity of your organization, an ISO audit
takes from one to five days and involves one to three auditors. The audit
session starts with a general meeting to introduce the auditor to your ISO
9000 task force. The auditor then reviews the procedures manuals with the
Project Leader. If you have any questions, ask them now. You will not be
penalized. Asking for clarification now ensures that if the auditor misses
something during the pre-assessment audit, you won't get hit with it in
the final audit.
Once the procedures manuals are reviewed, the auditor walks through each
department, inspecting calibration records, questioning the staff about
procedures and work instructions, watching the staff to ensure that they
follow instructions exactly as written in the manuals, and inspecting the
premises for adequately marked areas.
The auditor's job is to uncover nonconformances and they have an uncanny
ability to zero in on weak areas. Our auditor would leaf through a manual
and randomly select a page. He then picked a line from the procedure and
questioned how it was performed. He would then ask to see where the procedure
linked to a work instruction. If there was any discrepancy, he would find
it.
While the final audit is more in-depth, the procedure for the pre-assessment
and the final audits is essentially the same. When the audit is over, the
auditor presents a list of findings. Many minor nonconformances may be fixed
on the spot. The
major ones require changes that need to be put in place within the next
few weeks and confirmed by sending updated documentation verifying the change
to the certification body.
Once the pre-assessment audit has been performed, the findings are noted
for the final audit and you need to make the required changes. While the
discrepancies found do not affect your certification status at this time,
if those nonconformances still exist at the final audit, certification may
be delayed.
Key Requirements to Scrutinize
Calibration of test and measurement equipment is a hot button with ISO auditors
and is examined in detail. Are there records of calibration? Where are they?
Can you establish trends? Is there a procedure for record maintenance? How
does the operator know how to perform calibration? Where are the instructions?
What do you do if the equipment cannot be calibrated? How do you know when
it's broken? Details, details. Details that need to be in writing.
Do a total review of all documents within your quality system, particularly
what forms are used, who signs them, and who approves them. Forms are controlled
documents that must be handled in a certain way to meet ISO criteria. If
nowhere else, document control is the one procedure where the auditor will
find nonconformances.
Look for aspects specific to your organization that require documentation.
One of the hurdles that Varian Sample Preparation Products had to overcome
was the bilingual nature of the workforce. Most of the staff on the assembly
floor speak only Spanish. Therefore, the work instructions needed to be
in Spanish as well as English to satisfy ISO requirements.
Another key issue is that each department's manuals need to be thoroughly
inspected to determine when the responsibility for a product or a procedure
passes from one department to the next and to ensure that the transition
occurs on paper as well. When you perform internal audits, be careful not
to look at your departments in isolation. Focus on the interface between
departments, such as where the forms go, and what happens when they move
between departments.
When our quality inspectors finish inspecting a batch of products, they
initial the forms that the assembly workers use and that follow the product
as it continues across the assembly floor. Both the Quality Procedures and
the Manufacturing Procedures, as well as the department work instructions,
specify this changeover and document how and when it is to occur.
ISO Certification is an On-going Process
Once an organization achieves certification, ISO auditors return at least
twice a year and as many as four times a year to inspect areas of your operation
that may not have been covered in the first official audit. That audit marks
the beginning of a series of audits. Some of these visits will come without
much warning to ensure audit integrity and that the ISO standards are being
maintained.
As a result, passing an ISO 9000 audit and maintaining certification status
is an on-going process that requires the participation of all employees.
Because the bulk of the auditing takes place on the factory floor, every
employee, not just management, is involved. At some point, everyone at your
organization will explain a procedure or work instruction to an ISO auditor.
Yet the pay-off for this attention to quality is great. It starts small.
While the creation of documentation and new procedures can create administrative
burdens, many practices will be abandoned because they are no longer relevant.
In many cases, ISO adherence has streamlined processes, enabling the organization
to expedite practices.
This pay-off will mushroom as ISO quality procedures take hold. Within Varian,
"ISO is a way to ensure that we assign control and manage key processes
company-wide for our customer's satisfaction," Ed Stone emphasizes.
"Quality is not just an internal issue for us, it's becoming a requirement
to do business. If we continuously, consistently maintain quality standards,
we'll satisfy our customers at the same time." That's what it boils
down to: customer satisfaction.
Quality as an issue has been growing in importance for the last decade.
Quality as a business process is no longer confined to the factory floor.
The '90s will continue to see this trend develop until quality becomes a
true watchword in the corporate environment.
Where To Get More Information
Copies of the ISO standards can be purchased from: The American National
Standards Institute (ANSI), 11 West 42nd Street, 13th Floor, New York, NY
10036. Telephone: (212) 642-4900; Fax: (212) 302-1286.
Additional information about ISO certification and a list of certification
bodies can be obtained from: The National Center for Standards and Certification
Information (NCSCI), National Institute of Standards and Technology (NIST),
TRF Building, Room A163, Gaithersburg, MD 20899. Telephone: (301) 975-4040;
Fax: (301) 926-1559.
Information can also be obtained from: The Office of EC Affairs, International
Trade Administration, Room 3036, 14th and Constitution Ave. SW, Washington,
DC 20230. Telephone: (202) 377-5276; Fax: (202) 377-2155.
Both of the latter agencies are located in the Department of Commerce and
can refer interested parties to other sources of information within and
outside the federal government.