Monday, February 14, 2011

What’s the difference between ISO 9001 and CMM?

Understanding the difference between ISO 9001 Standards and CMM means recognising a cultural understanding of quality. “Microsoft and many other software companies govern quality with the 80-20 rule,” said David Smith, vice president of Technology Futures, a technology forecasting company in Austin, TX. “The rationale is, ‘it’s a real product if 80 percent of the problem can be addressed and the remaining 20 percent is part of the business model.’ But the reality is the software industry’s business model is not a business model of total quality. And that is part of the challenge when you compare a CMM model against an ISO 9001 Standards model.”

The problem, as Smith sees it, is a conflict between the approaches to quality of ISO 9000 Standards and CMM programs, on the one hand, and the business model that corporations use on the other. “When you’re developing a product, the hardest problems to fix are the last 20 percent,” noted Smith.

Smith highlights three critical elements for understanding ISO 9001 and CMM:

  • Understanding and documenting the true requirements is a key element in both standards.
  • Document how you write the software code so other people can understand its value.
  • Understand the requirements outlined in the program management and business models. It means understanding the maximum payback from the ISO and CMM levels. This is difficult to achieve because it requires both management and supervisory hats.

Software in the original description of ISO 9001 is different from software that runs on a computer, explains Mark Paulk, a senior member of the technical staff at Carnegie Mellon’s SEI.

Paulk’s advice: Understand the essence of ISO 9001 so you can compare it to CMM. ISO 9001’s definition of software is more general and includes music, entertainment, or anything involving the creation of an intangible product.

“But the original bias of the standard was strongly toward the manufacturing environment, where all the historical work had been done,” said Paulk. “And that is one of the criticisms of the early releases of the standards. One of the objectives of the ISO 9000 revisions was it failed to make the standard more comfortable to users in other environment

ISO 9001 Standard Operating Procedures

A quality management system can improve a business’ operational processes and, as a result, the quality of its products or services. A quality management program also makes clear to customers the business’ strong focus on quality and satisfaction. To this end, implementing ISO 9001 quality management standards from the highly respected ISO (the International Organization for Standardization) can be an especially smart step for businesses in any industry sector or part of the world.

Source

ISO 9001 comes from ISO, the largest and most widely known and respected source for quality management standards. This nongovernmental organization is a network of national standards institutes of 162 countries. ISO standards do not have the power of law but are based on consensus among its members, who represent the needs of both business and society at large. Since its founding in 1947, ISO has published more than 17,500 international standards.

Benefits

For society, ISO 9001 standard operating procedures help to ensure that products and services around the world meet expectations for quality. For businesses who implement ISO 9001, the main benefits as described by ISO are “the connection of quality management systems to organizational processes” and “a natural progression toward improved organizational performance.” Companies using ISO 9001 see reduced costs and increased customer satisfaction due to improved quality.

Features

In 1987, ISO developed ISO 9001 to define the components of a quality management system—for example, specific processes, documentation and roles dedicated to ensuring quality. ISO 9001 calls for organizations to adopt ISO’s Quality Management Principles and a process approach and to heavily engage top management in the quality process. In addition, organizations following ISO 9001 must establish relevant quality objectives and closely measure outcomes with a focus on continuous improvement.

Implementation

Once an organization has chosen to use ISO 9001 standard operating procedures, it should begin to instill in its employees the Quality Management Principles. Next, the business should analyze the standards and conduct a gap analysis to understand how existing processes might need to change to comply with ISO 9001. Finally, the organization should work through the adjustment of existing processes and the development of new processes to achieve compliance with the ISO 9001 standards.

Certification

While organizations can follow ISO 9001 without being certified, taking this additional step can help raise an organization’s image and credibility. ISO does not provide certification; organizations can obtain certifications from specialized third-party auditors that verify compliance to ISO 9001. The organization can then publicize and promote its certification, within ISO guidelines, as a hallmark of its quality commitment.

How to Maintain ISO 9001 Standards QMS (Quality Management System)

ISO 9001 is a quality management system (QMS) created and maintained by the International Organization for Standardization (ISO), the largest developer of international standards in the world. QMS systems are meant to provide organizations with a formal framework for process improvements and quality standards. The system provides a set of procedures that covers all key processes to ensure they are effective. It also provides a methodology for record-keeping, checking for defects and continuous improvement and maintenance of these functions.

- Provide resources needed to support process operations, monitoring and the management review process.

- Transform and maintain physical workspaces, equipment, hardware, software, utilities and support services needed to meet requirements.

- Develop a system to review transportation (if any), communication and information services for sharing data relating to ISO 9001 standards.

- Provide adequate training for management reviewers (MRs) and internal auditors. They should have the right experience, education and skills needed to ensure that competence requirements are being met.

- Keep a record of the review process. This includes corrective and preventive action procedures.

ISO 14001 Standards Audit

ISO 14001 sets out a system that can be audited and certified. In many cases, it is the issue of certification that is critical or controversial and is at the heart of the discussion about the trade implications.

Certification means that a qualified body (an accredited certifier) has inspected the EMS system that has been put in place and has made a formal declaration that the system is consistent with the requirements of ISO 14001.

The standard allows for self-certification, a declaration by an enterprise that it conforms to ISO 14001. There is considerable skepticism as to whether this approach would be widely accepted, especially when certification has legal or commercial consequences. At the same time, obtaining certification can entail significant costs, and there are issues relating to the international acceptance of national certification that may make it particularly difficult for companies in some countries to achieve credible certification at a reasonable cost. For firms concerned about having certification that carries real credibility, the costs of bringing in international auditors are typically quite high, partly because the number of internationally recognized firms of certifiers is limited at present.

The issue of accreditation of certifiers is becoming increasingly important as the demand increases.

Countries that have adopted ISO 14001 as a national standard can accredit qualified companies as certifiers, and this will satisfy national legal or contractual requirements. However, the fundamental purpose of ISO is to achieve consistency internationally. If certificates from certain countries or agencies are not fully accepted or are regarded as second class, the goal will not have been achieved. It is probable that the international marketplace will eventually put a real commercial value on high-quality certificates, but this level of sophistication and discrimination has not yet been achieved.

It is essential to the ultimate success of the whole system that there be a mechanism to ensure that certification in any one country has credibility and acceptability elsewhere.

The ISO has outlined procedures for accreditation and certification (Guides 61 and 62), and a formal body, QSAR, has been established to operationalize the process. At the same time, a number of established national accreditation bodies heavily involved in ISO have set up the informal International Accreditation Forum (IAF) to examine mechanisms for achieving international reciprocity through multilateral agreements (MLAs). However, these systems are in the early stages, and many enterprises continue to use the established international certifiers, even at additional cost, because of lack of confidence in the acceptability of local certifiers.

Given the variability in the design of individual EMS and the substantial costs of the ISO 14000 certification process, there is a growing tendency for large companies that are implementing EMS approaches to pause before taking this last step. After implementing an EMS and confirming that the enterprise is broadly in conformance with ISO 14001, it is becoming routine to carry out a gap analysis to determine exactly what further actions would be required to achieve certification and to examine the benefits and costs of bringing in third-party certifiers.

ISO 14001 Standards Certification

ISO 14001 Standards sets out a system that can be audited and certified. In many cases, it is the issue of certification that is critical or controversial and is at the heart of the discussion about the trade implications.

Certification means that a qualified body (an accredited certifier) has inspected the EMS system that has been put in place and has made a formal declaration that the system is consistent with the requirements of ISO 14001 Standards.

The standard allows for self-certification, a declaration by an enterprise that it conforms to ISO 14001 Standards. There is considerable skepticism as to whether this approach would be widely accepted, especially when certification has legal or commercial consequences. At the same time, obtaining certification can entail significant costs, and there are issues relating to the international acceptance of national certification that may make it particularly difficult for companies in some countries to achieve credible certification at a reasonable cost. For firms concerned about having certification that carries real credibility, the costs of bringing in international auditors are typically quite high, partly because the number of internationally recognized firms of certifiers is limited at present.

The issue of accreditation of certifiers is becoming increasingly important as the demand increases.

ISO 9001 Standards & ISO 14001 Standards

To help organizations fully understand the new ISO 9001:2008, it may be useful to have some insight into the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.

Prior to the commencement of a revision (or amendment) to a management system standard, ISO/Guide 72:2001, Guidelines for the justification and development of management system standards, recommends that a “Justification Study” be prepared to present a case for the proposed project and to outline details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008, user needs were identified from the following:

-the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
-feedback from the ISO/TC 176/Working Group on “Interpretations”
-the results of an extensive worldwide “User Feedback Survey on ISO 9001 and

The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:

1) No changes with high impact would be incorporated into the standard;

2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;

3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:

-No changes or minimum changes on user documents, including records

-No changes or minimum changes to existing processes of the organization

-No additional training required or minimal training required

-No effects on current certifications

The benefits identified for the ISO 9001:2008 edition fall into the following categories:

-Provides clarity

-Increases compatibility with ISO 14001.

-Maintains consistency with ISO 9000 family of standards.

-Improves translatability.

Audit Of Electronic Documents In ISO 9001 Standards

Electronic documents that establish management system policies and procedures can be in a variety of file formats, depending on the software applications that the organization uses to generate the documents. Electronic file formats include text, HTML, PDF, etc. Spreadsheet and database formats are also considered to be electronic “documents” subject to the control elements of the management system being audited.

Given the relative ease with which users can now create electronic spreadsheets and other electronic documents, auditors (either internal or external) should ensure that policies governing the controls that apply to management system documentation in general are also employed for electronic documents through appropriate procedures.

Organizations need to employ suitable and effective methods within the electronic environment for ensuring the adequate review, approval, publication and distribution of their management system documentation. These should be consistent with the methods for the development and modification of electronic documents.

In many cases document control measures may also be standard features of software applications used for their creation. Therefore auditors should understand these application-specific controls to the degree that these are utilized as a basis for conformance to the applicable management system standard.

Given the increased capacity to modify, update, reformat and otherwise improve documents within an electronic-based management system, auditors should pay particular attention to control elements such as document identification and document revision level.

As electronic media facilitate an increased rate of document modifications, auditors should verify that the controls being employed for the management of obsolete documents are considered within the organization’s document control policies and procedures.

Auditors should verify that electronic-based documentation exists to provide orientation to users with regard to the functional and control aspects associated with electronic documents. Additionally, “Point-of-use” requirements associated with the applicable management system standards will typically be addressed in part by the organization’s document access policies. Auditors should understand the organization’s policies and procedures regarding user privileges as these become important factors for properly realizing the organization’s processes.

External electronic communication with suppliers, customers and other interested parties may involve the exchange of documents. Given that these external documents may contain key parameters that specify the functioning of the organization’s processes, auditors should verify the degree to which these documents are formally introduced and controlled within the electronic-based management system.