Module 2. Food safety and quality management systems

Lesson 8


8.1 Introduction

ISO 9000 consists of a set of standards and a certification process for companies. By receiving ISO 9000 certification, companies demonstrate that they have met the standards specified by the ISO. The standards are applicable to all types of companies and have gained global acceptance. In many industries ISO certification has become a requirement for doing business. Also, ISO 9000 standards have been adopted by the European Community as a standard for companies doing business in Europe. In December 2000 the first major changes to ISO 9000 were made, introducing three new standards as given in the following paragraphs.

8.2 ISO 9000:2000–QMS: Fundamentals and Standards

The ISO 9000:2000 set provides the terminology and definitions used in the standards. It is the starting point for understanding the system of standards. This standard describes the concepts of a quality management system (QMS) and defines the fundamental terms used in the ISO 9000 family. The standard also includes the eight quality management principles which were used to develop ISO 9001 and ISO 9004. This standard replaces ISO 8402:1994 and ISO 9000-1:1994.

8.3 ISO 9001:2000–QMS: Standard Requirements

This is the standard used for the certification of organisation’s QMS. It is used to demonstrate the conformity of quality management systems to meet customer requirements. This standard specifies the requirements for a QMS, whereby an organization needs to assess and demonstrate its ability to provide products that meet customer and applicable regulatory requirements and thereby enhance customer satisfaction. This standard replaces ISO 9001:1994, ISO 9002:1994 and ISO 9003:1994.

8.4 ISO 9004:2000–QMS: Guidelines for Performance

ISO 9004:2000 provides guidelines for establishing a quality management system. It focuses not only on meeting customer requirements but also on improving performance. This standard provides guidance for continual improvement and can be used for performance improvement of an organization. While ISO 9001 aims to give quality assurance to the manufacturing processes for products and to enhance customer satisfaction, ISO 9004 takes in a broader perspective of quality management and gives guidance for future improvement. This standard replaces ISO 9004-1:1994. Guidelines for self-assessment have been included in Annexure A of ISO 9004:2000. This annex provides a simple, easy-to-use approach to determine the relative degree of maturity of an organization’s QMS and to identify the main areas for improvement.

8.5 ISO 9001:2000–QMS: Standard Requirements for Application in a Dairy Plant

An ISO 9001:2000 quality management system can be implemented through the following steps:

Step-1 Evaluate the organization’s need/goals for implementing a QMS

Need for implementing QMS may arise from repeated customer complaints, frequent warranty returns, delayed deliveries, high inventories, frequent production hold-ups and high level of rework or rejection of products or services. At this stage one should identify the goals which one would like to achieve through a QMS such as customer satisfaction, increased market share, improved communications and morale in the organization, greater efficiency and profitability, etc. Another objective in implementing a QMS may be a demonstration of compliance through third party certification, which may be requested by an important client or required for enlisting as a supplier to large companies, e.g. original equipment manufacturers (OEMs).

Step-2 Obtain information about the ISO 9000 family:

The persons identified for initiating the development of an ISO 9000 QMS need to understand the requirements of ISO 9001:2000 as read with ISO 9000:2000 and ISO 9004:2000. Supporting information such as quality management principles, frequently asked questions (FAQs), guidance on clause 1.2 (application) of ISO 9001:2000, guidance on documentation requirements of ISO 9001:2000 and other brochures are available free of charge on the ISO web site at http://www.iso.org

Step-3 Appoint a consultant, if necessary

If, within the organization, one does not have adequate competence to develop a QMS, one may appoint a consultant. Before doing so, it is good to check his/her background; knowledge about the product realization processes of the organization and experience in helping other organizations to achieve their stated goals, including certification. One should carry out a cost-benefit analysis of hiring a consultant and agree the scope of his/her work in writing. It is also possible to appoint a consultant only for the training of key staff; the latter can then carry out further training and development of the system.

Step-4 Awareness and training

Awareness about QMS requirements should be raised amongst all personnel performing activities that affect quality. One may plan for and provide specific training on how to develop Quality Manuals, on procedures, on QMS planning, on how to identify and implement improvement processes and on how to audit compliance with the QMS, etc. The Institute of Quality Assurance (IQA), the American Society for Quality (ASQ) and the International Auditor and Training Certification Association (IATCA) can provide lists of training organizations.

Step-5 Gap analysis

Gaps between existing quality management system and the QMS requirements of ISO 9001 need to be evaluated. Preparations should be made how to bridge these gaps, including by planning for any additional resources required. Gap analysis may be carried out through self-assessment or by the external consultant.
Step-6 Product realization processes: review clause 7 of ISO 9001: 2000
Relating to ‘Product realization’ to determine how the requirements apply or do not apply to the company’s QMS.

The processes covered by this clause include
  • Customer-related processes
  • Design and development
  • Purchasing
  • Production and service provision
  • Control of measuring and monitoring devices
Note that if the company is not responsible for preparing the design of the product, one can exclude the requirement for ‘design and development’ from the QMS and explain the reasons for doing so in the companies Quality Manual.

Step-7 Staffing

The organisation should decide on the responsibilities of the persons who will be involved in developing and documenting the QMS, including the appointment of a management representative who will oversee the implementation of the QMS. Establishing a project steering committee may also prove useful to oversee progress and provide resources wherever required.

Step-8 Plan a time frame

A complete plan should be prepared to close the gaps identified in step 5 to develop the QMS processes. The plan should include activities to be performed, resources required, responsibilities and an estimated completion time for each activity. Clauses 4.1 and 7.1 of ISO 9001:2000 provide information that should be used when developing the plan. The total time required for each phase (planning, documentation, implementation and evaluation) depends on the extent of the gaps in the existing QMS.

Step-9 Draft a quality manual
  • Include how the QMS applies to the products, processes, locations and departments of the organization;
  • Exclude any requirement with justification for doing so as decided in step 6 above;
  • Refer to or include: documented procedures for QMS;
  • Describe the interaction between the processes of the QMS, e.g. the interaction between product realization processes and other management, measurement and improvement processes and
  • Draft the quality policy and quality objectives for the organization.
The staff concerned in the organization should review the Quality Manual and the documented procedures so that their comments and suggestions can be taken into account before the Quality Manual and procedures are approved for issue and use. The effective date of implementation should also be decided.

Step-10 Carry out internal audits

During the phase of implementation of some three to six months after the documentation has been written, the trained auditors should carry out one or two internal audits covering all activities for the QMS and concerned management should take corrective action on the audit findings without delay. Wherever required, the manuals, procedures and objectives should be revised. After each internal audit, the top management should review the effectiveness of the system and provide necessary resources for corrective actions and improvements.

Step-11 Apply for certification

If the company decides to obtain third party certification, it can make an application for certification to an accredited certification body. The certification audit process is explained in step 7.

Step-12 Conduct periodic evaluations

After certification, the organization should periodically conduct internal audits to review the effectiveness of the QMS and see how it can be ‘continually improved’. The organization should evaluate periodically if the purpose and goals (step 1) for which the QMS was developed are being achieved, including its continual improvement.

Step-13 Certification

The process of becoming certified to ISO 9001 and how to maintain this status once one has achieved it, are given in the steps below
  1. How to select a certification body Organizations that desire to obtain a certificate need to submit an application to the certification body of their choice. The issues to consider when selecting a certification body include:
  • Whether the nature of accreditation of the certification body is acceptable in the market to which the organization wants to export;
  • The market image of the certification body;
  • Quotations for the certification and audit fees, etc.
It is advisable that one selects a certification body which is accredited. Accreditation is ‘a procedure by which an authoritative body gives formal recognition that a body or person is competent to carry out specific tasks,’ as per ISO/IEC Guide 2:1996. Thus an accredited certification body has been given formal recognition of its competence to carry out ISO 9000 certification/ registration.

Step-14 Prepare for assessment

The first requirement under ISO 9001:2000 is to define the organization's processes that affect quality, so that the first step is that the auditor from the certification body meets with the organization's management to gain an understanding of its processes. Normally speaking, then, the certification audit process starts with a review of the organization’s Quality Manual and procedures by the certification body’s auditor, to ensure that the Manual covers the requirements of the standard. This is known as an ‘adequacy audit’ or ‘document review audit’.

Step-15 Preparing for assessment

The auditor conveys any gaps (non-conformity) found in the documents to the organization for necessary actions and re-submission of the documents, if required. The certification body also examines, where relevant, the justification included in the Quality Manual for not including certain product realization processes (e.g. if a company does not design a product, it can exclude the requirements of Clause 7.3 of ISO 9001, but this would need to be explained in the Manual). Such exclusions should be acceptable to the certification body.

Step-16 Auditing

After satisfactory completion of the document review audit, the auditors undertake the second part of the audit process at the organization’s location at a mutually agreed time and date(s) – certification audits are not surprise visits. The audit at location begins with an ‘opening meeting’. During this meeting, the auditors explain to the management how the audit will be conducted and when and how the findings will be conveyed to the management. The auditors collect evidence of conformity/ non-conformity through observation of activities, examination of procedures/ records, observations of conditions of house- keeping, through interviews with the concerned managers/ personnel of the organization, etc. on a sampling basis. The information gathered through interviews is verified/ tested by the auditors by acquiring the same information from other sources such as physical observations/ measurements performed on the product and their related records. The auditors visit and verify compliance with the QMS in all the departments and functions within the scope of the QMS.

Step-17 Non-conformity

The evidence collected by the auditors is compared with the audit criteria (Company’s policies and objectives, manuals, procedures, instructions, contracts, regulations. etc.) and audit findings including non-conformity, if any, are clarified and reported to the management at the end of the site audit in a formal meeting with the management called ‘closing meeting’. The non-onformities (NCs) are graded by the auditors as ‘major’ or ‘minor’. ‘Observations’ are also noted. A ‘major’ NC indicates that
  • The company has failed to implement any one part of or the full QMS; or
  • Any specific department of the company has failed to implement the QMS as applicable to the department; or
  • A number of ‘minor’ non-conformity in the same QMS requirements are found.
A ‘minor’ NC means an isolated incident of a failure to comply with a defined process or QMS requirement.
An ‘observation’ indicates that if the situation as found during the audit is not addressed it may lead to an ‘NC’ in future.

Where a major nonconformity is found, the recommendation for certification is deferred until corrective action on the same is verified through a follow-up audit. After obtaining the organization’s timetable for corrective action, recommendations for certification are decided by the Lead Auditor (the leader of the audit team) and these recommendations are conveyed to the organization in the closing meeting itself.

Step-18 Award of the ISO 9000 certificate

The certification body issues a certificate to the organization, based upon the recommendations of the Lead Auditor and independent review of these recommendations. The certificate is issued for the specific scope of the business and the products or services for which the organization has implemented a QMS.

Step-19 Surveillance audits

The certificate is initially awarded for a period of three years. During this time, periodic surveillance audits (once or twice a year) are carried out by the certification body on mutually agreed dates. An audit plan for three years indicating the scope of audit in each surveillance audit is transmitted to the organization in advance by the certification body. These audits are planned in such a manner that all aspects of the QMS are audited over a period of three years. A re-certification audit is carried out after three years using steps 2-5 above. During the period of certification, the certification body may examine records relating to the quality complaints made by customers either directly to the organization, or to the certification body, to check if the organization is taking appropriate action (s) to eliminate the cause of such complaints. The certification body also examines any misleading use of the logo of the certification body and/ or the accreditation body or incorrect references to the certification, if any, made by the organization.
Last modified: Saturday, 29 September 2012, 10:39 AM