ISO 9000 series
ISO 9000 is a set of standards defined by ISO. An organization seeking certification certifies against the latest standard, ISO 9001:2015, which replaced the previous version, ISO 9001:2008. ISO 9001:2015 provides guidelines that drive continual improvement for an organization.
This latest update is based on the High-Level Structure (HLS) of Annex SL, which helps organizations incorporate more than one management system into core business processes and gain efficiencies.
The ISO 9001:2015 standard specifies 10 clauses, as summarized in the following points:
- Clause 1 (Scope): Explains what the standard is for and what it encompasses. The scope clause covers the following aspects:
  - The goals and objectives of the standard to understand the expectations of the certifying organization
  - The approach and reference to customer requirements
  - The approach and reference to regulatory or statutory requirements
  - The applicability of the standard requirements, since they are applicable to all sorts of organizations, regardless of their type, size, or the products and services being provided
- Clause 2 (Normative references): Includes the terms, principles, fundamental concepts, and vocabulary that are essential for the application of the ISO 9001 standard. It also provides references to other documentation to assist in complying with the requirements of the ISO 9001 standard.
- Clause 3 (Terms and definitions): Specifies the terms and definitions given in the ISO 9000:2015 that apply to ISO 9001. This clause helps to clarify unfamiliar terms and resolves unnecessary disputes or conflicts.
- Clause 4 (Context of the organization): Establishes the context of the QMS. The organization achieves this by doing the following:
  - Identifying relevant external factors (such as market-driven, local, or global environments and competition) and internal factors (such as values, culture, or the performance of the organization) that can affect the quality of the product being delivered.
  - Establishing the requirements and expectations of all stakeholders.
  - Determining the scope of the QMS: whether it needs to be implemented organization-wide or for relevant business functions.
  - Establishing, maintaining, and continually improving the QMS using a process approach.
- Clause 5 (Leadership): Dictates the activities required from top management for the success of a QMS, as follows:
  - Be actively engaged in the operation of the QMS and ensure that it is embedded in the organization’s processes
  - Direct and establish a quality policy that aligns with the business strategy to formalize the goals and commitment required from all parties
  - Ensure that roles, responsibilities, and authorities are defined for all employees and that everyone involved is made aware of them
- Clause 6 (Planning): Focuses on creating an action plan to address risks and opportunities. It requires the organization to do the following:
  - Understand the risks and opportunities relevant to the scope of the organization, as required in clause 4
  - Establish clear, measurable, and documented quality objectives with an action plan to monitor, control, and communicate risks and opportunities effectively
  - Create a change-management plan to carry out changes to the system in a systematic way
- Clause 7 (Support): Stresses the basic HLS clauses of bringing the right resources, the right people, and the right infrastructure, as follows:
  - Ensure adequate resources are provisioned, which includes employees, equipment, and IT systems
  - Assess existing competence and fill gaps in competence with training and documentation
  - Ensure that all personnel are aware of the quality policy and understand the relevance of their roles and the implications of non-conformance
  - Plan and implement an effective communication process, since both external and internal communication are key to the success of the system
  - Document information to demonstrate compliance in any format that suits the organization while implementing appropriate access controls for information security
- Clause 8 (Operation): Focuses on enabling the organization to meet customer requirements by executing plans and processes, as follows:
  - Establish appropriate performance monitoring for the continual improvement of all functions
  - Understand customer requirements for products and services through effective communication
  - Create a design plan that includes all customer specifications, budget, drawings, and so on
  - Select, evaluate, and re-evaluate all external entities sourced for procuring processes, products, or services
  - Maintain clarity in product specification and evaluation to monitor whether the processes, products, or services being provided by the external entity conform to the customer's requirements
  - Plan systematically and execute all production operations to ensure quality control and to demonstrate the capability to deliver consistently and meet customer expectations
  - Monitor and measure products and/or services to verify conformance to customer requirements, and have the evidence duly documented by authorized personnel before the product or service is released to the customer
  - Control nonconforming output to prevent its release to the customer, and establish a course of action to handle nonconforming deliveries
- Clause 9 (Performance Evaluation): Details ways to measure and evaluate the QMS to ensure it is effective and sustainable:
  - Utilize simple analysis methods, such as bar charts, or complex statistical process controls to analyze collected data to identify opportunities for improvement and to measure the effectiveness of the management system
  - Establish a clear and consistent internal audit program to audit processes at regular frequencies to find nonconformities and trigger preventive measures for improvement
  - Involve top management in reviewing the quality-management system to ensure continuing suitability, adequacy, and effectiveness
- Clause 10 (Improvement): Requires the organization to determine and identify what improvement means with regard to the following cases:
  - Establish means of improvement by reviewing processes, products, or services, and analyzing the results from the management system
  - Begin corrective actions to prevent the recurrence of non-conformities by using root-cause analysis, problem-solving methods, and providing training to improve capabilities
  - Build a feedback mechanism that requires the management system to utilize input such as corrective actions, internal audits, management reviews, and customer feedback for continual improvement
These clauses can be grouped in relation to Plan-Do-Check-Act (PDCA), since it is the operating principle of the ISO 9001 process approach, which drives continuous improvement in the organization. The PDCA principle combines planning, implementing, controlling, and improving the operations of a QMS, as shown in the following diagram:
Let's look at each stage of the PDCA cycle:
Here's an example of the PDCA cycle for an SQA team. If the team wanted to increase the number of defects detected in each release sprint by 20%, it would create a plan for changing its processes, make those changes, and then execute the updated process. After execution, checking the results shows a defect detection ratio of 15%, which is then acted on to make further changes. This is then taken up in the next planning phase to plan defect detection until the goal of 20% is reached.