Documentation Requirements in ISO/DIS 9001

Please read the link in my new blog.

Thanks,

Keshav Ram Singhal

New Blog 'Forthcoming ISO 9001:2015 QMS Awareness'

I have started a new blog 'Forthcoming ISO 9001:2015 QMS Awareness' at http://qmsawareness.blogspot.in/.

Please visit the same.

QMS authors and professionals are requested to send articles, news-briefs, comments, suggestions etc. for the blog.

Best wishes,

Keshav Ram Singhal

हुर्रा ! मैं बहुत खुश हूँ .... Hurrah ! I am too happy ...

हुर्रा ! मैं बहुत खुश हूँ ....
145 से अधिक देशों/अर्थव्यवस्थाओं से
दो लाख से अधिक आगंतुकों ने
मेरे ब्लॉग http://iso9001-2008awareness.blogspot.in का दौरा किया, देखा और पढ़ा.
मेरे ब्लॉग की लोकप्रियता से मैं प्रेरित और सम्मानित महसूस करता हूँ.
मेरे ब्लॉग के सभी पाठकों के निरंतर समर्थन के लिए धन्यवाद.
मैं आशा करता हूँ कि मेरे अन्य ब्लॉगस को भी इसी तरह का समर्थन मिलेगा.
कृपया मेरे ब्लाग का समय-समय पर दौरा करते रहे,
उन्हें पढ़ते रहें
और
टिप्पणी करते रहें.

पुन: आभार,

केशव राम सिंघल
जागरूकता के लिए प्रतिबद्ध



Hurrah ! I am too happy ...
More than two lac visitors
from more than 145 countries/economies have
visited, seen and read my blog http://iso9001-2008awareness.blogspot.in.
I feel motivated and honoured with the popularity of my blog.
Thanks for the continuous support of the readers of my blog.
I hope that I will get similar support to my other blogs.
Please keep visiting, reading my blogs
and
keep commenting too.

Again Thanks,

Keshav Ram Singhal
Committed for Awareness

Advantages of ISO 9001:2008 QMS Certification

Implementing ISO 9001:2008 QMS confers long-term benefits, however, an immediate goal for most organizations is to achieve ISO 9001:2008 certification as it provides following advantages:

- Certification assure organization's stakeholders that the organization has a good quality management system in place and that increase organization's trust among its stakeholders.
- Certification communicates a positive message to organization's employees that turns them to high value asset.
- Certification reduces organization's costs as many insurance companies are willing to insure your processes, products and services at reduced premiums.
- Certification provides marketing opportunities to organizations.

It should be noted that certification is not a requirement of the ISO 9001:2008 QMS standard. Many organizations in the world are implementing ISO 9001:2008 QMS without certification.

With best wishes,

Keshav Ram Singhal

What's New? A Look At The Changes in ISO/DIS 9001

Please visit the article 'What's New? A Look At The Changes in ISO/DIS 9001' at my blog on "Forthcoming ISO 9001:2015 QMS Awareness'.

Thanks,

- Keshav Ram Singhal

Understanding Fault Tree Analysis

Understanding Statistical Tools and Techniques

Write-up – 11

Understanding Fault Tree Analysis

Fault Tree Analysis (FTA) is a top down, deductive failure analysis method. In this analysis an undesired state of a system is analyzed using Boolean logic to combine a series of lower-level events. The fault tree analysis (FTA) was first introduced by Bell Telephone Laboratories. Bell Telephone Laboratories developed the concept of fault tree analysis in 1962 for the US Air Force for use with the Minuteman system. It is one of the most widely used methods in system reliability, maintainability and safety analysis. It is a deductive procedure used to determine the various combinations of hardware and software failures and human errors that could cause undesired events (referred to as top events) at the system level .This analysis method is mainly used in the fields of safety engineering and reliability engineering to understand how systems can fail, to identify the best ways to reduce risk or to determine (or get a feeling for) event rates of a safety accident or a particular system level (functional) failure. This analysis method is also used in the aerospace, nuclear power, chemical and process, pharmaceutical, petrochemical and other high-hazard industries; but is also used in fields as diverse as risk factor identification relating to service system failure. In aerospace, the more general term "system Failure Condition" is used for the "undesired state" / Top event of the fault tree. These conditions are classified by the severity of their effects. The most severe conditions require the most extensive fault tree analysis. These "system Failure Conditions" and their classification are often previously determined in the functional Hazard analysis.

FTA method can be used to understand the logic leading to the top event / undesired state. It can show compliance with the (input) system safety / reliability requirements. This method can prioritize the contributors leading to the top event by creating the Critical Equipment/Parts/Events lists for different importance measures. FTA method can monitor and control the safety performance of the complex system (e.g., is a particular aircraft safe to fly when fuel valve x malfunctions? For how long is it allowed to fly with the valve malfunction?). This method is helpful to minimize and optimize resources. This analysis method can assist in designing a system. The FTA can be used as a design tool that helps to create (output / lower level) requirements. This method can function as a diagnostic tool to identify and correct causes of the top event. It can help with the creation of diagnostic manuals / processes. The main purpose of the fault tree analysis is to help identify potential causes of system failures before the failures actually occur. It can also be used to evaluate the probability of the top event using analytical or statistical methods. These calculations involve system quantitative reliability and maintainability information, such as failure probability, failure rate and repair rate. After completing an FTA, you can focus your efforts on improving system safety and reliability.

FTA method is a deductive analysis, which begins with a general conclusion, then attempts to determine the specific causes of the conclusion by constructing a logic diagram called a fault tree. This method is also known as taking a top-down approach.

FTA Logic Diagram

The basic symbols used in an FTA logic diagram are called logic gates and are similar to the symbols used by electronic circuit designers. Fault tree diagrams consist of gates and events connected with lines. The AND and OR gates are the two most commonly used gates in a fault tree. To illustrate the use of these gates, you may consider two events (called "input events") that can lead to another event (called the "output event"). If the occurrence of either input event causes the output event to occur, then these input events are connected using an OR gate. Alternatively, if both input events must occur in order for the output event to occur, then they are connected by an AND gate. The following figure shows a simple FTA diagram in which either A or B must occur in order for the output event to occur. In this diagram, the two events are connected to an OR gate. If the output event is system failure and the two input events are component failures, then this fault tree indicates that the failure of A or B causes the system to fail.

When you perform an FTA, you systematically determine what happens to the system when the status of a part or another factor changes. In some applications, the minimum criterion for success is that no single failure can cause injury or an undetected loss of control over the process. In others, where extreme hazards exist or when high value product is being processed, the criteria may be increased to require toleration of multiple failures.

Fault Tree Construction

You can construct Fault Tree diagram by adhering to simple steps. You should first define the fault condition and write down the top level failure. By using technical information and professional judgements, you should determine the possible reasons for the failure to occur. You should continue to break down each element with additional gates to lower level. You should consider the relationships between the elements so that you can decide whether to use an AND or an OR gate. The two most commonly used gates in a fault tree are the AND and OR gates. You should consider two events (or blocks) comprising a Top Event (or a system). If occurrence of either event causes the top event to occur, then these events (blocks) are connected using an OR gate. Alternatively, if both events need to occur to cause the top event to occur, they are connected by an AND gate. You may finalize and review Fault Tree Construction. The chain generally terminated in a basic fault that may be human, hardware or software. If possible, then you should evaluate the probability of occurrence for each of the lower level element and calculate the statistical probabilities from the bottom up.

Bibliography

* What Is a Fault Tree Analysis? Use a general conclusion to determine specific causes of a system failure, Simha Pilot, Quality Progress, March 2002
* http://en.wikipedia.org/wiki/Fault_tree_analysis
* http://reliawiki.com/index.php/Fault_Tree_Diagrams_and_System_Analysis
* http://www.weibull.com/basics/fault-tree/

Your Email Motivates Me

Email dated 20 April 2014 from Mr. Shambhulinga B. H., Quality Executive, AVK Valves India P. Ltd., Kolar (Karnataka)

"I have seen your QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008 blog it was too good. It is very easy to learn and establish the Quality Policy and Quality Objectives, I have inspired of your blog and I made Quality Objectives for Our Company as good as my knowledge...."

Email dated 26 February 2013 from Dr. R. H. G. Rau, Past President, National Centre for Quality Management

"Congratulations. It sure is a milestone achievement. Warm personal regards, Rau"


Email dated 27 March 2013 from Mr. Asgar Uddin Sirdar (IRCA Registered Lead Auditor)
Qualification: BE Metallurgy, Company: Larsen & Toubro Ltd., Designation: QAQC manager

"I am a supporter of your blog. It is good."

Email dated 3 April 2013 from Mr. Vinesh Lachman, Quality Assurance Consultant, Durban, South Africa

"I am extremely delighted to have read your blog, and to see my passion reflected is beyond words. ..."

Email dated 16 April 2013 from Prof. H. C. Patel, Mumbai

"Liked write-up. Good illustration."

Significant Changes in ISO 9001 Committee Draft

ISO/CD 9001 was released for submission of comments in June 2013. Significant changes observed in ISO/CD 9001 are as under:

1. The term 'product' (used in ISO 9001:2008) is replaced by the term 'goods and services (in ISO/CD 9001)

2. Two new clauses are added in ISO/CD 9001
- 4.1 - Understanding the organization and its context
- 4.2 - Understanding the needs and expectations of interested parties

3. 'Process approach' is added as requirement (clause 4.4.2) in ISO/CD 9001 - The requirements to use process approach has been more explicit now.

4. ISO/CD 9001 does not include a specific clause for 'preventive action'. ISO 9001:2008 has clause 8.5.3 as requirements for preventive action.

5.ISO/CD 9001 includes requirements for 'actions to address risks and opportunities' (clause 6.1). Risk management , thus, will be part of the QMS.

6. The structure in ISO/CD 9001 has been changed. There are 10 clauses in ISO/CD 9001 instead of eight clauses in ISO 9001:2008.

Eight clauses in ISO 9001:2008 are:
Clause 1 - Scope
Clause 2 - Normative reference
Clause 3 - Terms and definitions
Clause 4 - Quality management system
Clause 5 - Management responsibility
Clause 6 - Resource management
Clause 7 - Product realization
Clause 8 - Measurement, analysis and improvement

Ten clauses in ISO/CD 9001 are:
Clause 1 - Scope
Clause 2 - Normative reference
Clause 3 - Terms and definitions
Clause 4 - Context of the organization
Clause 5 - Leadership
Clause 6 - Planning
Clause 7 - Support
Clause 8 - Operation
Clause 9 - Performance evaluation
Clause 10 - Improvement

7. The terms 'document' and record' (used in ISO 9001:2008) have been replaced by the term 'documented information' in ISO/CD 9001

8. The term 'continual improvement' (used in ISO 9001:2008) has been replaced by the term 'improvement' in ISO/CD 9001.

9. The existing standard ISO 9001:2008 is based on eight quality management principles, while ISO/CD 9001 is based on seven quality management principles.

ISO 9001:2008 standard is based on following eight quality management principles: (i) Customer focus, (ii) Leadership, (iii) Involvement of people, (iv) Process approach, (v) System approach to management, (vi) Continual improvement, (vii) Factual approach to decision making, and (viii) Mutually beneficial supplier relationship.

One principle 'System approach to management' is dropped in ISO/CD 9001. There are some editorial changes also. Seven quality management principles, on which ISO/CD 9001 is based, are: (i) Customer focus, (ii) Leadership, (iii) Engagement of people, (iv) Process approach, (v) Improvement, (vi) Evidence-based decision making, and (vii) Relationship management.

10. Quality manual is not required in ISO/CD 9001.

11. Management representative is not required in ISO/CD 9001. Role of management representative is assigned to the top management.

12. ISO 9001:2008 requires six mandatory documented procedures. No mandatory documented procedure is required in ISO/CD 9001.

- Keshav Ram Singhal

Please share this article on social media for creating awareness on changes coming in forthcoming ISO 9001:2015 QMS. Thanks.

PDCA Cycle

Plan-Do-Check-Act Cycle is a popular tool for implementing ideas or system in a controlled way. This tool is also known as PDCA Cycle , or Deming Cycle. ISO 9001:2008 QMS standard suggests applying PDCA methodology to all processes. When you want to do something, something you wanted to improve, or something wrong you wanted to fix, then PDCA methodology provides you a better solution to achieve your goal.

You should use PDCA methodology:
- when you wish to bring improvement or wish to start a project
- when you wish to develop a new design of process or product
- when you wish to implement any change in your process or product



The four phases in the Plan-Do-Check-Act Cycle involve:
* Plan - Indentifying and analyzing what to do - First you should identify and establish your objectives and processes necessary to deliver your desired results.
* Do - Implement the processes as planned.
* Check - Measuring how effective the implementation has been, and also analyzing whether there could be any improved way. You should measure processes and product.
* Act - Implementing the improved solutions you analyze during the Check

- Keshav Ram Singhal

Understanding Management System Auditing - Six Principles of Auditing

Understanding Management System Auditing

Article - 3

Six Principles of Auditing

Keshav Ram Singhal

ISO 19011:2002 (the earlier version) mentioned five auditing principles - Ethical, Fair presentation, Due professional care, Independence, and Evidence-based approach, however the present version of the standard, ISO 19011:2011, Guidelines for auditing management systems, has mentioned six principles of auditing. First four principles discussed below are related to auditors and other two principles are related to the audit. These six principles are:

1. Integrity
2. Fair presentation
3. Due professional care
4. Confidentiality
5. Independence
6. Evidence-based approach

All above six principles provide basis to make the audit in a proper manner, so that an audit can be conducted inan effective and reliable manner. An audit provides information to the organization, thus providing opportunity to the organization to improve its performance. Audit conclusions will be relevant and sufficient, if audit principles are followed during the audit process.

Integrity



This is the first principle that relates to an auditor. The principle of integrity is the foundation of professionalism. Integrity is essential to auditing. An auditor should perform his auditing with integrity. Accordingly, the auditor should perform his work with honesty, diligence and responsibility. He should observe and comply with applicable legal (statutory and regulatory) requirements. He should demonstrate his competence while performing his work. He should perform his work in an impartial manner. He should remain fair and unbiased in all his dealings. He should be sensitive to any influences that may be exerted on his judgement while carrying out an audit.

Fair presentation

Fair presentation is the second principle that relates to an auditor. Fair presentation is the obligation on the auditor to report audit findings, audit conclusions and audit reports truthfully and accurately. It is expected from the auditor to also report – (i) significant obstacles encountered during the audit, (ii) unresolved diverging opinions between the auditor and the auditee.

Due professional care

Due professional care is the third principle that relates to an auditor. Due professional care requires the application of diligence and judgement in auditing. The application of diligence and judgement in auditing by the auditor reflects due professional care. It is for the auditor to exercise due professional care in accordance with the importance of task he performs. An auditor should exercise care in performing his task as the audit client(s) and other interested parties place confidence in him for doing so. The auditor should have the necessary competence to perform the task. The auditor should have the ability to make reasoned judgement (applying factual approach to decision making) in all audit situations. An auditor should remember that he performs a QMS audit to judge that the quality management system of the organization conforms to the planned arrangements to the requirements of ISO 9001:2008 QMS standard and requirements established by the organization. When an auditor is required to ascertain whether the quality management system of the organization is effectively implemented and maintained, then the application of diligence and judgement (factual approach to decision making) is required.

Confidentiality



Confidentiality is the fourth principle that relates to the security of information acquired during auditing activities. The principle of confidentiality is required to maintain security of information, which are revealed to an auditor during the audit process. ISO 19011:2011 has included this principle as a new auditing principle. It is required that an auditor should exercise discretion in the use and protection of information acquired during the audit process. An auditor should not use any information acquired during audit process for personal gain. Audit information should not be used inappropriately in a manner detrimental to the legitimate interests of the auditee. Proper handling of sensitive or confidential information is required from an auditor to keep the security of information.

Independence

Independence is the fifth principle that is the basis for the impartiality of an audit and the objectivity of the audit conclusions. An auditor should not audit his own work. Accordingly, (i) an auditor should be independent of the activity being audited; (ii) an auditor should be free from bias and conflict of interest, (iii) an auditor should maintain an objective state of mind throughout the audit process, (iv) an auditor should be free from prejudice or partiality that could affect objectivity, (v) an auditor should ensure that audit findings and audit conclusions are based on audit evidences.

Evidence-based approach

Evidence-based approach is the sixth principle that is the rational method for arriving at reliable and reproducible audit conclusions in a systematic audit process. Evidence-based approach as a principle of auditing is similar to the QMS principle ‘factual approach to decision making’. This principle is the rational method for reaching reliable and reproducible audit conclusions in a systematic way. Audit findings and audit conclusions should be based on audit evidences that are verifiable. An audit is conducted during a finite period of time and with finite resources, as such audit evidence should be based on samples of the information available. A QMS audit must be carried out in an objective manner. The auditing exercise mainly concentrates on gathering objective evidences. An appropriate use of sampling should be applied during auditing process.

If above six principles are applied while carrying out a QMS audit (including internal audit), the audit results will be useful to the organization and helpful for continual improvement of the system.

Scope and Vocabulary in ISO 19011:2011

Understanding Management System Auditing

Article - 2

Scope and Vocabulary in ISO 19011:2011

ISO 19011:2011 is an international standard that provides guidance on auditing management systems. Earlier version ISO 19011:2002 was a standard that was providing guidance on auditing quality and/or environmental management systems. There has been a number of other management system standards that have been published since then, therefore it is felt to widen the scope of the auditing guidance standard and as such ISO 19011:2011 has widen its scope. ISO 19011:2011 provides guidance on:
- Principles of auditing (Clause 4)
- Managing an audit programme (Clause 5)
- Conducting management system audits (Clause 6)
- Evaluation of competence of individuals involved in the audit process (Cause 7)

ISO 19011:2011 standard is applicable to all organizations that implement a management system and that require to conduct or manage management system audit (internal or external). The application of ISO 19011:2011 standard is possible to other types of audits, provided that special consideration is given to specific competence needed.

ISO 19011:2011 standard cites no normative reference.

For better understanding of the guidelines given in the standard, ISO 19011:2011 standard provides terms and definitions of following terms:
- Audit (3.1)
- Audit criteroa (3.2)
- Audit evidence (3.3)
- Audit findings (3.4)
- Audit conclusion (3.5)
- Audit client (3.6)
- Auditee (3.7)
- Auditor (3.8)
- Audit team (3.9)
- Technical; expert (3.10)
- Observer (3.11)
- Guide (3.12)
- Audit programme (3.13)
- Audit scope (3.14)
- Audit plan (3.15)
- Risk (3.16)
- Competence (3.17)
- Conformity (3.18)
- Nonconformity (3.19)
- Management system (3.20)

Most of the terms and definitions in ISO 19011:2011 standard have been adapted from ISO 9000:2005 standard.

ISO 19011:2002 (earlier version) included 14 terms and definitions, while the new version (ISO 19011:2011) includes 20 terms and definitions, thus adding following six terms:
- Observer
- Guide
- Risk (adapted from ISO Guide 73:2009)
- Conformity (adapted from ISO 9000:2005)
- Nonconformity (adapted ftom ISO 9000:2005)
- Management system (adapted from ISO 9000:2005)

Personnel involved in managing or conducting auditing should understand above terms. Understanding above terms will enable you to understand the ISO 19011:2011 standard ion a clear manner. We are not discussing these terms in this chapter and readers are advised to refer to the standard.