ISO 9001

How to Guide

INTERNATIONAL ORGANISATION FOR STANDARDISATION (ISO)

The AvISO Consultancy Approach

AvISO Consultancy provides a comprehensive, practical approach when working with any organisation wanting to implement a Quality Management System. From the initial appointment with our business consultants and continuing through the necessary steps, including gap analysis, a determined plan of action is required, including internal audits leading up to the mandatory Stage 1 independent external UKAS-accredited audit.

This Stage 1 audit will determine if the management system fits its purpose. Together with the organisation, our ISO consultant will subsequently review any nonconformities to the Standard and advise corrective action before the Stage 2 external UKAS audit and certification. Following successful certification to the Standard, the AvISO consultant will set up an internal audit program; with agreement by the organisation, regular planned internal inspection audits are necessary (see clause 9) to maintain continuous support for the integrity of the organisation's management system.

Outside of this, an AvISO ISO management consultant will always be at hand to answer any queries or questions.


KEY SUPPORTING SOFTWARE COMPONENTS

Microsoft Teams - In addition to site visits, Teams is set up at the initial stage to enable remote face-to-face contact and communication, incorporating the 'Back Office' for messages and permission-based access to the management system.

SharePoint – A secure method of sharing resources, data, and information between the organisation, team members, and the consultant.

Toolbox - Provides an easily managed and accessible AvISO bespoke method of building and storing information and data as an integral part of the management system.

As a part of our process of delivering a quality management system, our experienced consultants recognise the importance of developing a client-friendly business relationship. 

Below is an example of the approach and necessary steps required to implement an ISO 9001:2015 Quality Management System:

BS EN ISO 9001:2015 Quality Management System overview: the clauses.

Explanation of clauses 1 to 3.

These clauses are not assessed against but provide a useful reference when determining how to apply the requirements of ISO 9001 to your organisation.

(Clause 1) Scope:

Refers to the requirements your QMS must meet to fulfil the criteria (Clauses 4-10) of the ISO 9001:2015 Quality Management standard. The QMS must demonstrate the following:

  • the ability to consistently provide quality products/services
  • meet customer, regulatory and legal requirements
  • focus on customer satisfaction
  • integral processes for continual improvement

(Clause 2) Normative references.

Simply all critical documents/material needed to fulfil requirements of the Standard. You can view a complete list of the clauses and mandatory documents here. Bear in mind that these documents should be updated with the correct version and date to ensure conformity; platforms such as Microsoft Teams and SharePoint used by our consultants have automatic version control to make life easier.

(Clause 3) Terms and definitions:

ISO standards are deliberately abstract, which is one reason the ISO standard is so internationally sought after; the ISO 9001 QMS can be applied effectively to any business or sector. To decipher the jargon, there is a valuable reference document, ISO 9000:2015 – Fundamentals and Vocabulary.

(Clause 4.1) Understanding the organisation and its context.  

Once you have defined the purpose of your QMS and business, Clause 4.1 requires an assessment of the broader context. What external and internal issues affect the organisation reaching its desired outcomes? These can be both positive and negative. Consider external legal requirements, competitors, market dynamics, and the cultural, social, and economic environments in which your business operates. Internally, consider the organisation's values, culture, knowledge, and performance to identify potential risks and opportunities.

(Clause 4.2) Understanding the needs and expectations of Interested Parties:

Shareholders and stakeholders must be taken into account when determining the extent of your management system and all its operating processes. These include all people, institutions, and suppliers, not just customers, that affect the running of your business. Once defined, evaluate the relationship or interaction in terms of their needs and expectations, then rank them in relation to their importance to your business. There are many ways to prioritise Interested Parties, including Authority/Interest Matrices or the Six Markets Model.

What the Standard is asking for:

Understanding your business and the context that it operates in. Looking at the internal or external issues and the risks and opportunities they present to build a picture of your business operation. Considering interested parties' expectations, the extent of the management system and its operating processes.

What this means and the approach:

You will need to establish and identify the issues from both inside and outside of your organisation and the positive and negative effects. Shareholders and stakeholders must be considered when determining the extent of your management system and all its operating processes.

Examples of Relevant Records:

  • External and internal issues – Risks and Opportunities Register
  • Interested Parties Analysis with all the parties that are relevant to the organisation
  • Documented statement of scope and boundaries of the Management System
  • Identification of ISO 9001 requirements that don't apply to the management system

(Clause 4.3) Determining the Scope of the Quality Management System.

One of the first things our consultant and your organisation will define is the "Scope" of your Quality Management System. It should be short, simple, and precise. Defining scope requires reflection on the purpose of your QMS and business objectives. What are the boundaries of your management system? Are there any clauses that aren't relevant to your business? What product/ service is your Organisation providing? How many sites are covered? The scope is the lens through which to view your QMS.

(Clause 5) Leadership and commitment.

Top management will take responsibility for the effectiveness of the QMS, ensuring that it delivers its intended results and that its importance is communicated to the wider team. This can be through notice boards, emails, intranet, shared drives etc. Top management will commit to investigating any quality problems and ensure action is taken to prevent re-occurrence where possible.

What the Standard is asking for:

Top management must demonstrate leadership, accountability, and commitment to the management system's effectiveness and provision of adequate human and other resources focusing on customer satisfaction. A quality policy and quality objectives are required, with authority, roles, and responsibilities defined to support the management system.

What you have to do and the approach:

Leadership, accountability, and commitment by senior management are essential for your management system's effectiveness. In addition, deciding the strategic direction and principles of the business with a quality policy and objectives and giving the necessary authority, roles, and responsibilities will help support your management system.

Examples of Relevant Records:

  • Documented policies contain all the mandatory commitments
  • Policies approved by Top Management
  • Internal communication of all policies
  • Policies must be available to relevant external interested parties.
  • Definition of responsibilities and authority for relevant roles (job specifications)
  • Assignment, issued by the top management, of the people responsible for:
      • Reporting on the performance of the Management System
      • Ensuring that the System conforms to the requirements of the standards
      • Ensuring that the integrity of the System is maintained throughout changes
      • Ensuring that the processes deliver the planned outputs
      • Ensuring customer focus

(Clause 6) Planning- Actions to address risks and opportunities.

What the Standard is asking for:

The business must consider the issues, risks, and opportunities to achieve its intended results and improvement. A plan of action and quality objectives must be implemented to aid the management system's processes and evaluate their effectiveness. Quality Objectives are based on your Quality Policy and should be measurable, time-based, and specific.

Planned changes will consider potential consequences, resources, and the integrity of the management system.

What you have to do and the approach:

When planning actions related to the issues, risks, and opportunities, several objectives need to be made to support your management system's processes to aid improvement. All these need to be evaluated to get the intended results. You will need to consider any consequences, what resources are required, and the robustness of your management system.

Examples of Relevant Records:

  • Definition of responsibilities and authority for relevant roles (job specifications)
  • Assignment, issued by the top management, of the people responsible for:
      • Reporting on the performance of the Management System
      • Ensuring that the System conforms to the requirements of the standards
      • Ensuring that the integrity of the System is maintained throughout changes
      • Ensuring that the processes deliver the planned outputs
      • Ensuring customer focus
  • Objectives Register
  • Evidence of communication of objectives and performance indicators to relevant functions
  • Actions planned and implemented to attain planned objectives and eliminate detected deviations, including allocated resources, responsibilities, and dates to be completed
  • Evidence of change in planning

(Clause 7) Support.

The organisation must determine and provide the necessary internal and external resources to improve and maintain the management system. Competent persons need to be appointed depending on education, training, experience, and awareness of the quality policy and objectives to support, implement, operate, and control the management system processes.

Documented information created and updated must be communicated for proper and appropriate use to support and maintain the organisation's quality policy, objectives, and management system.

What this means and the approach:

You will need to provide appropriate internal and external resources to aid improvement and maintain your management system. You will also need to consider the skills required by those that operate the management system and that infrastructure is available and maintained (building, utilities, equipment, software).

To support your quality policy, objectives, and management system, all the relevant documented information must be communicated within your business.

(Clause 7.1.5) Monitoring and Measuring resources:

The QMS may require processes in place to reduce the risk of non-conforming products/ services, such as monitoring and verification to ensure outputs are desirable. If measurements are part of your verification process, the equipment used must be calibrated to ensure reliability.

Examples of Relevant Records:

  • Infrastructure maintenance plan and register
  • List of monitoring and measuring devices, including identification, calibration requirements and frequency when needed, traceability requirements, calibration status when applicable
  • List/matrix of critical knowledge and retention procedures
  • Training and skills required for specific roles about Quality, Environment, and OH&S 
  • Evidence of training and skills for all employees in relevant roles  
  • Recruitment and selection procedures and records 
  • Training needs assessment records - Gap analysis for existing vs required competence 
  • Training plan and implementation records 
  • Records related to the evaluation of training effectiveness
  • Planning of internal and external communication
  • Evidence of the communication undertaken
  • Controlled documents list, including all mandatory documents and those of internal and external origin determined by the organisation to be necessary

(Clause 8) Operational Planning and Control.

This is a very large clause in the Standard, so we have broken this down into the following sections:

(Clause 8.1) Operational Planning and Control.

What is the Standard asking for:

ISO 9001 requires that controls, as determined by identified risk, are in place to ensure that products and services are delivered to the high standards determined by your interested parties.

What this means for you, and how do we approach it:

When planning the delivery of products and services, you must consider what could go wrong, what could be done better and what your customers expect. These factors must be incorporated into document procedures to ensure consistent delivery of the required quality. 

You will also need to consider the skills required by those that deliver the products and services and how these are kept up to date. 

Examples of Relevant Records:

  • Document procedures
  • Training records
  • Approved supplier register
  • Customer specifications

(Clause 8.2) Requirements for Products and Services.

What is the Standard asking for:

Under Clause 8.2, the specific requirements for products and services must be determined by engagement with the customer. The products and services must be reviewed to meet customer requirements, and any changes must be documented and communicated to the relevant people.

What this means and how to approach it:

Establishing the needs and expectations of the customer must be done by talking to the customer, getting feedback, handling inquiries, and setting up contracts or orders. Changes to your product or service and customer requirements need to be communicated and documented.

Examples of Relevant Records:

  • Products and services and acceptance criteria
  • Criteria and controls for the processes
  • Documented information as evidence that processes are carried out as planned

(Clause 8.3) Design and development of products and Services.

What the Standard is asking for:

Under Clause 8.3, a planned, documented, and controlled process for design and development is required to provide a quality product and service and satisfy the requirements of customers.

What this means and the approach:

If you are responsible for any design of products and services, a planned, documented, controlled process is required. The process must consider the complexity, resources, planned changes, and actions needed to prevent any adverse impacts.

Examples of Relevant Records:

  • Inputs to design, including customer and legal requirements
  • Outputs of each design phase, with the necessary approvals
  • Procurement requirements
  • Drawings and specifications

(Clause 8.4) Control of Externally Provided Products and Services.

What the Standard is asking for:

Clause 8.4 requires you to be confident in the ability of external product and service providers (your suppliers) to meet the requirements of the organisation. The type and extent of controls to be applied to external providers needs to be established, along with the approval process before the release of the products and services.

What this means and the approach:

The use of external providers for your products and services must be of a standard that satisfies the requirements to meet the needs and expectations of the customer and your specific requirements. The ability to do this needs to be controlled by established processes, carefully monitored, and documented.

Examples of Relevant Records:

  • Log of externally provided processes, products, and services both to incorporate in own products/services and directly delivered to the customer on behalf of the organisation
  • Controls applied to externally provided processes, products, and services to make sure it doesn't affect product/service performance
  • Definition of criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers
  • Documented evidence of the evaluation, selection, monitoring of performance and assessment of external providers and actions arising from the evaluations
  • Evidence of communication with external providers, prior to supply, about: processes/products/services to be provided; requirements for competence and required qualification of persons; interactions with the organisation; control and monitoring applied; verification or validation activities to perform on external providers' premises

(Clause 8.5) Production and Service Provision.

What the Standard is asking for:

Clause 8.5 asks you to provide control of the products and services using trusted resources to monitor and measure the processes involved. This includes appointing qualified, competent people, making sure of the availability of monitoring resources, meeting post-delivery requirements, and getting post-delivery customer feedback.

What this means and the approach:

Clause 8.5 requires that your products and services show several quality control processes before being provided to the customer. Competent, qualified people using the production control processes will make sure that your product and services continually conform to their requirements.

(Clause 8.6) Release of Products and Services.

What the Standard is asking for:

Clause 8.6 shows that planned arrangements at appropriate stages have been completed to verify that the product and services have met their requirements before being released to the customer. These requirements should include traceability and conformity.

What this means to you and the approach:

This means that in clause 8.6, all the required 'checks and balances' have been satisfactorily done and approved before the release of the product and services to the customer, making sure that all the output requirements have been satisfactorily met.

(Clause 8.7) Control of Non-conforming Outputs.

What the Standard is asking for:

In clause 8.7, any product or service that does not conform has to be identified and controlled so that its unintended use and delivery are prevented. Non-conformance should be dealt with in several ways, including correction, segregation, informing the customer, and suspension of the product or service. Documentation should be kept detailing the nonconformity, actions taken, and concessions made to the customer.

What this means to you:

When things go wrong with a product or service, there are ways of documenting what went wrong, how it went wrong, and the impact on the business and customer. Necessary steps in the form of corrective actions should be documented and retained to prevent further nonconformities.

Examples of Relevant Records:

Corrective action log shows the following:

  • Corrective actions are adopted to ensure that non-conforming products/services are identified and controlled, and unintended use or delivery is prevented
  • Non-conforming items are corrected
  • Root-cause analysis is performed, corrective actions are taken, and effectiveness evaluated
  • The customer is informed if applicable
  • If it is decided to accept "as is", an authorised person has allowed formal acceptance under concession

(Clause 9) Performance - Monitoring, Measurement, Analysis and Evaluation.

What the Standard asks for:

Under Clause 9, what needs to be monitored and measured must be determined, including the methods of monitoring, measurement, analysis, and evaluation. This process can include monitoring customer perceptions with surveys. Relevant data and information from monitoring, measurement, and analysis are required to evaluate products, services, and customer satisfaction.

Results will indicate the performance, effectiveness, and the need to improve the management system and address the risks and opportunities. Regular planned internal audits are necessary to provide information on the requirements of the management system and the Standard.

The internal audit program results need to be documented and communicated to the relevant management, and the information is retained as evidence of the implementation of the audit program. When considering the organisation's strategic direction, planned intervals to review the management system are necessary to continue its suitability, adequacy, effectiveness, and the need for changes.

What this means and how we approach it:

Understanding the performance of your management system can be achieved by using monitoring, measurement, analysis, and evaluation. The results of this will evaluate your products, services, and customer satisfaction. Having planned internal audits will highlight any weaknesses, ensure your management system is suitable, adequate, and effective, and indicate any need for change.

Examples of Relevant Records:

  • Definition of what needs to be monitored and analysed, methods used, and monitoring/measurement/analysis frequency for all the mandatory issues:
      • Conformity of products and services
      • Customer satisfaction
      • Performance of the management system
      • If planning has been implemented effectively
      • Effectiveness of actions taken to address risks and opportunities
      • Performance of external providers
      • The need for improvements
  • Documented evidence of monitoring and measuring results achieved
  • Definition of the method used to ensure maintenance, calibration, and verification of monitoring and measuring equipment used to evaluate Quality, OH&S and Environment performance
  • Evidence of calibration and verification of monitoring and measuring equipment
  • Updated Internal audit program
  • Internal audit plans
  • Internal Audit reports
  • Evidence that the results of the audits were communicated to relevant managers and other interested parties
  • Corrective action log showing actions taken to address nonconformities and that these actions were effective
  • Documented Management review(s) containing all the mandatory inputs and outputs
  • Recurrence of Management review if adequate

(Clause 10) Continual Improvement.

What the Standard asks for:

Meeting and enhancing customer requirements and satisfaction by determining the opportunities for improvement. Improving products and services and correcting, preventing, and reducing undesired effects, and addressing future needs and expectations. 

Controlling nonconformities by evaluating the need for corrective action and dealing with the consequences of nonconformity.

Continual improvement of the performance and effectiveness of the quality management system to reflect the change, innovation, and re-organisation.

Considering the results, analysis, evaluation, and output from a management review to determine the needs and opportunities for continual improvement.

What this means and how we approach it:

Selecting opportunities for improvement for your products and services and controlling nonconformities by corrective action will maintain your customers' needs and expectations. Analysis and evaluation of your management system will provide continual improvement, change, innovation, and re-organisation.

Examples of Relevant Records:

  • Nonconformity register 
  • Corrective action log – evidence that root-cause analysis, corrections, and corrective actions are taken to address nonconformities, and effectiveness evaluation through recurrence analysis or another similar way

If you would like to know more about ISO Standards, Certification and the value a good management system can add to your business, we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
