As Stijloor stated - this may help?
Within ISO 9001:2001, there is only a mandatory requirement for the following documented procedures
· 4.2.3 Control of Documents
· 4.2.4 Control of Records
· 8.2.2 Internal Audits
· 8.3 Control Of Non-Conforming Product
· 8.5.2 Corrective Action
· 8.5.3 Preventative Action
The term used within ISO9001: 2001 is “documented procedure”; this means that the procedure is established, documented, implemented and maintained.
A good structure for a new “Quality Management System” could follow the 4-tier approach:
. Level 1 - Quality Manual - Company Scope and Interactions of Process within the QMS.
. Level 2 - Quality Procedures – Defines responsibilities, controls and activities within the QMS that effect customer service.
. Level 3 – Records - Records / states objective evidence to demonstrate our goal in achieving “customer satisfaction”.
. Level 4 – Forms, Reports – Information that supports the QMS processes
Control of Documents
· How “Your Company” approves documents prior to use e.g. sign off for paper versions, password protected for computer network forms.
· How “Your Company” updates and re-approve amended documents
· How “Your Company” identifies changes e.g. by date or issue number, identify different fonts / colours
· How “Your Company” ensure documents are available where they are needed
· How “Your Company” control external origin
· How “Your Company” prevents the inadvertent use of obsolete documentation.
Definition – “document” is an instruction to achieve a process, were unauthorised changes could cause a problem.
Examples – Quality Manual, procedures, flow charts, project plan, National Standards, Industry Requirements, Codes of Practice, Drawings, Software, Customer Specifications, visual samples.
Control Of Records
· “Your Company” must define which records are kept
· “Your Company” must define by whom is the record kept
· “Your Company” must define a how long a period each record is retained
· “Your Company” must define how they are disposed
With ISO9001 instruction “see 4.2.4” means records must be retained these include the following:
· 5.6.1 Management Review Minutes
· 6.2.2 Records of education, training, skills and experience
· 7.1 Evidence that product realization processes and product fulfils requirement
· 7.3.2 Design and development inputs
· 7.3.4 Design and development reviews and any related actions
· 7.3.5 Design and development verification (paper exercise) and any related actions
· 7.3.6 Design and development validation (produce confirmation) and any related actions
· 7.3.7 Design and development changes and any related actions
· 7.4.1 Results of Supplier evaluation and any actions arising
· 7.5.2 Records to demonstrate the validation of special processes
· 7.5.3 Where traceability is required, the unique identification of the product is recorded
· 7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable
· 7.6 Basis used for calibration of measuring equipment where no international standards exist
· 7.6 Validity of the previous measuring results when measuring equipment is found to be out of calibration
· 7.6 Results of calibration and verification of measuring equipment
· 8.2.2 Internal audit results and follow-up actions
· 8.2.4 Indication of the person(s) authorizing release of product
· 8.3 Records of the product nonconformities and any subsequent actions
· 8.5.2 Results of corrective action
· 8.5.3 Results of preventive action
Internal Audit
· “Your Company” must define the audit criteria e.g. what do we audit against, procedures, regulations, contractual requirements
· “Your Company”must define the Scope of the audit e.g. how far must we go, that would be sufficient to prove processes and interactions
· “Your Company” must define the Program Frequency (the whole QMS at least once a year)
· “Your Company” must define method e.g. interviewing staff, observation, viewing relevant records
· “Your Company” must report results
· “Your Company” must keep audit records
Control of Non-Conforming Product
· “Your Company” must define actions to stop the use of reject or suspect items
· “Your Company” must define how the concession system works
· “Your Company” must define actions to correct the problem
· “Your Company” must define how an item is checked following rework
· “Your Company” must define how a product recall or retro-fit is controlled
Corrective Action Procedure
Note: - Corrective action is re-active, dealing with the problem AFTER the event.
· “Your Company” must locate the cause of the problem
· “Your Company” must decide an appropriate course of action to stop the problem recurring
· “Your Company” must put the plan into action
· “Your Company” must ensure that the actions has solved the problem
· “Your Company” must review non-conformance report and customer complaints.
Preventive Action Procedure
Note: - Preventive action is a pro-active procedure i.e. dealing with the problem BEFORE it happens.
· “Your Company” must review potential problems
· “Your Company” must decide the potential cause of the problem
· “Your Company” must decide an appropriate course of action to stop the problem occurring
· “Your Company” must put the plan into action
· “Your Company” must ensure that the preventive action has solved the potential problem
·
Possible review to action: -
· Analysing data (8.4) and setting objectives (5.4.1)
· Clarifying customer requirements (7.2 and 7.3)
· Applying a proven corrective action (8.5.2) to other areas of the business analysing data (8.4) and setting objectives (5.4.1)
· Disaster recovery plan - what will you do if your building burns down, you lose a major customer, a raw material is no longer available, etc.?