Where to Start to Implement ISO 9001

[John Broomfield]

John - We do in our organisation - we have no controls over what is record, how its recorded, where it is stored and who owns the information - without the policy we wont get commitment from the sections to support it.

I wanted to go with just QA Policy - with just a one liner, but I have to used the corporate template for a policy.

Batman,

The "sections" will support a procedure that makes records easy (and secure) to file and retrieve.

This could be done by a policy decision but I recommend drawing up a table to show the types of record, who keeps them, how they are identified, where they keep them, for how long they are kept for immediate retrieival, when archived, archive identifier, where archived and for how long, and how destroyed.

In drawing up this table you should involve the leaders of each section and in so doing they can agree their procedure for filing and archiving.

A Records Policy will likely not get you as far in the development of your process-based management system.

John

 

[batman1056]

Batman,



... I recommend drawing up a table to show the types of record, who keeps them, how they are identified, where they keep them, for how long they are kept for immediate retrieival, when archived, archive identifier, where archived and for how long, and how destroyed.


John

Exactly what I wanted to do - that is the next step. we have a team " information governance group" that looks at everything from FOI, Data protection, Data Quality to Record Controls (file plans etc). We have drawn up a high level map of what is needed (policies) - and outlined the procedures and guidelines needed to conform - these processes will support the QA approach.

Origianlly - we had two policies (quality and IT) - and the aim was to develop the guides, processes and procedures which people would use. This is no longer an option as management wanted some high level aim for more areas -

 

[John Broomfield]

Exactly what I wanted to do - that is the next step. we have a team " information governance group" that looks at everything from FOI, Data protection, Data Quality to Record Controls (file plans etc). We have drawn up a high level map of what is needed (policies) - and outlined the procedures and guidelines needed to conform - these processes will support the QA approach.

Origianlly - we had two policies (quality and IT) - and the aim was to develop the guides, processes and procedures which people would use. This is no longer an option as management wanted some high level aim for more areas -

Batman,

Great!

The fact that you already have two Records Policies and the evidence posted here that they do not work kinda explains why I am not a big fan of policies as tools of change.

I also avoid saying the QA approach. This smacks of the "we know best department".

Instead of being a department, QA is best delivered by everyone using their system to fulfill requirements. That is what provides the confidence that requirements will be met.

The process is the work and the procedure is the way of carrying out the work. Better to capture and show the way the work is done first, then everyone can see the waste and will want to change it for themselves. Then you end up with more buy-in for the new Filing and Archiving Procedure.

John

 

[batman1056]

Without defining your product and scope your system this is pure guesswork.

John

Type Scope Clause
Business Planning and Strategic Development 5.4
- Agreed - 5.4.1 measurable objectives

Finance Captial Projects 6.1 (still not sure about this one - our FCP seciton is more about managing how we spend capital investment, 6.1 - the provision of resources (6.1b) can in some stretched way be linked to this - but they just agree and monitor the money being spent by the projects team - who in my opinion will be in scope as they are providing or developing things that the end user may interact with. (which would be 6.3)

Finance 6.2 - they make payments to suppliers for goods, but the specifications are deemed by procurement. - If anything I would have thought 7.4.1, 7.4.2.

Human Resources 6.2 - agreed - (6.2.2)

IT 6.3 - agreed if IT interact with the customer, I suppose the argument you will put across is that without IT we can not interact - but IT's function is internall focused about keeping internal things moving - customer will not interact with that - Media manages the internet, hardware is managed by IT. - I am still unsure about this one (IT)

Health & Safety 6.4 - fits in a few areas including 6.2.2

Legal Services 7.2 - normally deal with FOI, data protection and legal law cases (against the public) - I will keep this one in.

Business data gathering (intelligence) Maybe 8.4 - for 8.4 we have dedicated monitoring sections and market research - the Business data section is more about presenting the data in a nice way - fits with 8.4, will assess what they do - data is only of internal use.

Admin 4.2.4 - this is more about corporate admin and reports to and from management - so in theory would sit with 4.2.4 from the main one 5.6.1

 

[John Broomfield]

Batman,

Are you asking for advice or running a quiz?

John

 

[batman1056]

John - asking for advice - sorry if its not coming across clear - I am busy doing 3 things at once (again) -

My statements (in the previous post) were seeking clarification.

Many thanks for all your help today - I can go home soon - no snow today

 

[Marc]

Not been on here for a while - got tied up on other elements - back to implementing ISO9001 - I have listed a descriptions of some of the departments I need to examine and have put a NO next to those I feel are outside the scope of the ISO (as they should in theory not affect the service received by the customer) (see attached)

Am I going down the right route?
I was thinking of engaging with each section - map the inputs and outputs to the customer and start to look at ways quality is checked and managed.

Type Scope Clause
Business Planning and Strategic Development 5.4
- Agreed - 5.4.1 measurable objectives

Finance Captial Projects 6.1 (still not sure about this one - our FCP seciton is more about managing how we spend capital investment, 6.1 - the provision of resources (6.1b) can in some stretched way be linked to this - but they just agree and monitor the money being spent by the projects team - who in my opinion will be in scope as they are providing or developing things that the end user may interact with. (which would be 6.3)

Finance 6.2 - they make payments to suppliers for goods, but the specifications are deemed by procurement. - If anything I would have thought 7.4.1, 7.4.2.

Human Resources 6.2 - agreed - (6.2.2)

IT 6.3 - agreed if IT interact with the customer, I suppose the argument you will put across is that without IT we can not interact - but IT's function is internall focused about keeping internal things moving - customer will not interact with that - Media manages the internet, hardware is managed by IT. - I am still unsure about this one (IT)

Health & Safety 6.4 - fits in a few areas including 6.2.2

Legal Services 7.2 - normally deal with FOI, data protection and legal law cases (against the public) - I will keep this one in.

Business data gathering (intelligence) Maybe 8.4 - for 8.4 we have dedicated monitoring sections and market research - the Business data section is more about presenting the data in a nice way - fits with 8.4, will assess what they do - data is only of internal use.

Admin 4.2.4 - this is more about corporate admin and reports to and from management - so in theory would sit with 4.2.4 from the main one 5.6.1

It looks to me line they're side processes but I would look to hooks to them from QMS processes.

 

[batman1056]

Thanks Marc - I am not going to prioritise some of the above, Will concentrate on service delivery the elements we link to customer satisfaction (media, services, maintenance etc)

 

[Marc]

I say to look for hooks (aka links) because typically there is going to be a QMS related interface somewhere if only data (aka informations) input(s) and/or output(s). I think you've thought them out well, for example

"Legal Services 7.2 - normally deal with FOI, data protection and legal law cases (against the public) - I will keep this one in."

 

[JaneB]

Thanks Marc - I am not going to prioritise some of the above, Will concentrate on service delivery the elements we link to customer satisfaction (media, services, maintenance etc)

That's a good focus and a good approach. You may, as you go further, discover there's a few other things/areas/whatever that you need to include some of that you hadn't anticipates, but if you focus on what you do to turn customer requirements into service delivery, you can't go far wrong at this point.