The following application article is part of a larger set of articles
published under the title ISO 9000 in Scientific
Computing as a special supplement to Scientific Computing & Automation
magazine.
Three levels of documentation typically result when implementing ISO 9000.
The top level quality manual contains policies that address each of the
requirements. The second level of documentation contains procedures which
define activities and responsibilities. The third level is the step-by-step
work instructions that are performed on the floor. Many companies paraphrase
the 20 elements in their quality manual then ensure that those elements
are addressed by the lower levels.
There is no set format; nor does every company create three levels. Sometimes
procedures and instructions are a single document. The key is to develop
a quality system that works for you while addressing the requirements.
Bio-Rad adopted the classic three levels of documentation. First, "we
wrote policy statements, then the quality manual which is a generalized
policy statement," explains John Goetz. "Each area handled a particular
element, understanding and applying the standard. Next, we wrote the top
tier operating procedures, linking ISO to what we do. It is specific to
the division, but general enough to be a template."
On the other hand, Bio-Rad's U.K. office took a different approach. "We
wrote the procedures first in a bottoms-up process, then wrote the manual
from that, making sure we'd covered all the gaps," states Chris Rew.
"We found that our work instructions could be streamlined by putting
greater emphasis on training. The main thing is not to write non-essential
issues into the procedures, such as how to answer phones or fill out forms."
Waters' Marq Ransom points out that "You either have a documented procedure
and it's right, or you have it and it's wrong, or it's documented but you
don't do it, or you do it but it's not documented. Most of the time, we
found that procedures just needed to be written down and formalized. What
we didn't have was an approval matrix nor a document control center. We
do now."
Procedures describe activities
Procedures are a means of controlling, identifying, and specifying the activities
that produce a product or service. When specific procedures are not completely
defined, then the acceptability of the procedure will depend upon the qualifications
and training of the persons involved. Typically, interdepartmental procedures
that address consistency and quality issues -- such as document control,
calibration, and internal quality audits -- don't exist prior to implementing
ISO 9000.
"During the course of implementation, we put together several new procedures,
including management review and internal audits, as well as formalized our
customer complaint procedure," remarks Rob Ireland, Beckman. "In
service, there had been procedures in place for installation, training,
and servicing, but the warehouse had nothing down in writing per se. Our
training program was well established and became much stronger with formalized
on-the-job training strategies. For instance, we found one of the dangers
with on-the-job training is that it repeats bad habits, so we keep a close
eye on this aspect of the program."
"Fisons only used two levels of documents by combining procedures with
work instructions, so there is a heavy emphasis on specialist training,"
states Gary Miyahara. "We use flow charts to better visualize activities,
but supply all procedures or work instructions in written format. We want
the documentation to be user-friendly."
"After the table of contents was written, everything sort of fell into
place," declares Fred Klink, Product Manager, Varian. "We already
had a lot of procedures in R&D; in fact, document control was already
being done. We didn't have written procedures in Marketing, so they had
to be written from scratch. It was an interesting process because it allowed
us to define things, such as price lists, to be done the same way every
time. Its improved the consistency of what we do."
Organizing the documents
"There are three ways to approach the process," advises James
Davies, BSI. "Implementation by clause, implementation by department,
or implementation by process. The best would be implementation by process,
but that is also the most difficult to set up from scratch."
Most companies organize their procedures around the functional areas such
as order processing, shipping, receiving, manufacturing, etc., breaking
down the documents by sections that define the scope, purpose, definitions,
responsibilities, documents, and the procedure.
Beckman's three levels of documents have "extensive cross-referencing
and sign-offs by affected departments at the end of each procedure,"
Ireland adds. "Each department has a complete set of manuals designed
for accessibility between departments so they can refer to their own and
others' procedures. But certain information is password-controlled on computer.
We use a combination of computer and hard copy to ensure marketing and proprietary
information remain confidential."
Often not rushing into documenting the process can increase the quality
of the end result. Allowing the departments to implement the standard at
their own speed develops ownership.
"You have to let people come at it slowly," explains Richard Sisk,
PE Nelson. "Our software quality program was toughest. I gave the group
an outline and suggested they start bit by bit to cut the blocks out and
each week we met and discussed one of those blocks. They would come back
with a draft, and we'd discuss it a little more. Then based on that manual,
we started hitting the specifics, such as we needed a procedure for back-up,
a procedure for configuration control, a procedure for security, a procedure
for viruses, etc. We just kept working at it till we got it done."
"If you've done a good job at the assessment phase, the documents fall
out easily, though this takes a long period of time," asserts Hewlett
Packard's Will Cowan. "Don't forget to include a page header that addresses
document control requirements -- date, revision number, authorization --
all need to be included."
Simplifying the process
The volume of documentation that must be formalized can be daunting. In
order to keep updates from becoming an administrative nightmare, keep procedures
and work instructions as short as possible -- no more than a few pages.
"We started by documenting what we do, then revised it from there to
meet the standard," recalls Ron Haynes, Thermo Separation Product's
Quality Systems Manager. "We initially had 40 top level procedures
and have reduced that down to about 30. 10 page procedures are now down
to two to three pages. We're concentrating on simplifying and eliminating
unnecessary steps."
"We're using flow charts more and more because it streamlines the manuals
and takes the burden off the written word," emphasizes John Peel, Varian.
"In fact, all written work instructions can be covered by training.
So the burden of proof is in the training program and we use training records
to harness excessive detail in the written procedures."
Because people tend to over-document, Cowan suggests keeping an eye on the
volume and level of detail. "If you have people who do the procedures
write the procedures, they use it as a reason to write down everything so
their managers will appreciate what they do. But this makes the manuals
too detailed and none of those things affect the quality of the products.
What you want is to just say 'soldering', not to say 'turn pin over joint,
etc.' If you do, you're trapping yourself with excess documentation and
it will be difficult to pass an audit."
"The goal is to have simple documents for several reasons," Cowan
adds. "So that new employees can learn quickly. So that there will
be fewer changes. And, so that it's not open to interpretation by the auditors."
"Processes take time to perfect," Goetz observes. "ISO showed
a lot of areas that needed to be closed -- a lot of gaps in our processes.
We realized we could end up with even more bureaucracy, so we focused on
keeping things simplified. In the balance between training and work instructions,
you have to give some credit to the intelligence of your work force."
"We spent about a year and a half to ensure that all lower level documents
were completed, then we changed almost everything," states Peel. "We
used ISO to rewrite responsibilities, so we broke one of the golden rules
that says just write down what you do. Because we viewed GMP as a dinosaur
from the past due to its formal 'you will do this' approach that was done
for defense issues."
"It's important to note that this is not a one-shot deal," Sisk
points out. "It's a continual process. It will become the way we do
business; not just window dressing."