QUALITY MANAGEMENT SYSTEM GUIDANCE
QUALITY MANAGEMENT SYSTEM
4.1 General Requirements
The scope declaration is almost always overcomplicated in many management system manuals. It should simply tell
what and who the manual applies to and to declare exclusions; nothing more or less. Define the extent of the quality
management system by determining which clauses apply and those that do not.
4.1.1 Exclusions
The majority of the standards clauses will be applicable but some might not. Either way, the manual must clearly
define which requirements from ISO 9001 (Section 7) have been excluded with a brief but detailed justification as to
their exclusion. Identify any ISO 9001:2008 requirements not applicable to your organizations activities and provide a
brief narrative justifying their exclusion from the scope of the quality management system.
An example of a justifiable exclusion might relate to the control of design and development, whereby, if a company
does not undertake design and development activities then the design and development clause would not be
applicable and can be excluded from the scope of the manual.
4.1.2 Justification
The justification for any exclusion and those considered not applicable must be clearly documented in the manual. If,
for example, design does not apply to the quality management system, the standard stipulates how a reduction in
scope of the standard should be justified and documented within the manual. All other potential exclusions within
Section 7 must be identified as not applicable or not applicable at this time with justification or explanation as to why
it does not apply. In addition, if an organization conducts these activities or is responsible by the customer to conduct
these activities, they must be part of the scope of certification. Design applies to product design; organizations cannot
exclude portions of design element.
This section includes the general requirements that must be met in order to establish, implement and continually
improve the effectiveness of a quality management system meeting the requirements of the standard. These
requirements are referenced to and/or further defined in subsequent clauses of the standard. Continual improvement
of the effectiveness of the quality management system may be reflected in a number of different areas. These
typically include:
Quality objectives
Corrective and preventive actions
Internal and external audits
Review of customer satisfaction surveys and associated actions
Operation meetings producing improvement actions
Actions initiated by suggestion programmes
Process, infrastructure and environment changes
Management Reviews
If continual improvement has become a way of life for a company, it is unlikely that a demonstration of companywide
continual improvement will come from only a few sources. System deterioration would not necessarily lead to nonconformity if all actions were positive and the improvement path is still evident and logical. The system would be
questionable if the company did not recognize it or had not reacted to the issues appropriately.
It is the responsibility of the company to demonstrate improvement rather than the auditor to look for it. Accordingly,
it is a useful audit practice to ask management to identify any improvement initiatives taken since the previous visit,
and any planned for the future.
4.1.3 Process Determination
Identify the processes that comprise your management system, there are two main types of process that you should
focus on. Key processes are steps that you go through to give the customer what they want, e.g. from order
www.ISO9001help.co.uk 2013
P a g e | 8 of 48
�QUALITY MANAGEMENT SYSTEM GUIDANCE
acceptance to design through to delivery while support processes are those processes that do not contribute directly
to what the customer wants but do help the key processes to achieve it. Support processes include human resources,
training and facilities maintenance, etc.
A good way to do this is to think about how workflows through your organization. Consider how the inputs and
outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the
support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on
your key processes and how the departments interface with each other.
Once you have defined the processes and interfaces; go back to the standard and determine which processes are
responsible for meeting which requirements. When defining your organizations processes, think about each process
and department and assign try to define those processes around the current organizational model and not around the
requirements of the standard.
Certification auditors will expect to see a process model that explains the key processes of the business and how each
relates and links to the others. The depth of process explanation may be as detailed as the company chooses, but
should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and
its overall corporate strategy. In determining which processes should be determined and documented the
organization may wish to consider factors such as:
Effect on quality
Risk of customer dissatisfaction
Statutory and/or regulatory requirements
Economic risk
Effectiveness and efficiency
Competence of personnel
Complexity of processes
Your QMS manual promotes the identification of:
Customer Oriented Processes (COPS)
Support Oriented Processes (SOPS)
Management Oriented Processes (MOPS)
Assessment Oriented Processes (AOPS)
Customer Oriented Processes (COPS) which affect or interact with the customer:
Marketing, sales and purchasing
Manufacturing/service
Design
Support Oriented Processes (SOPS) support other process:
Calibration
Maintenance
Finance/accounts
Human resources/training
Management Oriented Processes (MOPS) are formally conducted by the top management:
Business, operational and resource planning
Budgets, goals, targets and objective setting
Management review
Customer satisfaction Review
www.ISO9001help.co.uk 2013
P a g e | 9 of 48
�QUALITY MANAGEMENT SYSTEM GUIDANCE
Assessment Oriented Processes (AOPS) help determine compliance and performance:
Auditing
Data analysis
CAPA
Non-conformities
While defining processes however, this is not a requirement. The auditor must see evidence that the organization has
determined their processes and interactions. If your organization calls it a process, it must be monitored for
effectiveness in accordance with ISO 9001: 2008; clauses 4.1, 8.4 and 8.2.3.
Key Quality Management System Processes:
Management
Orientated
Processes
Customer
Orientated
Processes
Support
Orientated
Processes
Assessment
Orientated
Processes
4.1.4 Sequence & Interaction of Processes
The interactions of the processes must be described in the QMS manual. The auditor must see evidence that the
organization has determined their processes and that the interactions are also defined, all within the QMS manual.
Subsequently, this includes the actual and technical inputs and outputs of the processes to show their interrelationship. This requires the description of the interactions between the processes and should include process
names, process inputs and process outputs in order define their interactions. Interaction means how one influences
the other. Auditors commonly agree that the description of the interactions of the processes cannot be done if the
processes are not determined (names).
The organization is not required to produce system maps, flow charts, lists of processes etc. as evidence to
demonstrate that the processes and their sequence and interactions were determined. Such documents may be used
by organizations should they deem them useful, but they are not mandatory. Graphical representation such as flowcharting is perhaps the most easily understandable method for describing the interaction between processes.
Interaction between processes may be described, for instance, by way of references and/or cross-references within
the procedures, where the procedures form part of the QMS manual. If the procedures are not included or referenced
from the manual, then the manual cannot be consider acceptable to the standard requirements, the interactions can
be in an appendix, addendum or hyper linked to the manual if the system is electronic.
4.1.5 Outsourced Processes
Outsourced processes must be controlled by the organization and these controls must be defined and described
within their system. Organizations are required to identify the controls they apply for any outsourced processes. The
facility QMS manual must identify if outsource processes are applicable. In addition, the client shall have written
documentation on the methods used to control the outsourced processes. Examples of some outsourced processes
are:
1.
A process completed wholly or partially by a sister facility outside the scope of registration. Such as corporate
performing design, purchasing or customer related processes, this includes management activities i.e.
business planning, goal setting, resources, data analysis, budgeting, etc. This may include the entire element
or a subsection i.e. corporate completes supplier evaluation and re-evaluation of suppliers and the registered
site initiates purchase orders.
2.
A processes completed by an outside vendor or subcontractor such as heat treating, plating, calibration,
painting, powder coating, etc. These types of processes may be controlled by the purchasing process where a
formal contract or purchase order may be the controls. If this is the case, written documentation would be
the purchasing documentation and records however; these processes are required to be documented in the
quality manual.
www.ISO9001help.co.uk 2013
P a g e | 10 of 48
