|
Audit
An audit is an evidence gathering
process. Audit evidence is
used to evaluate how well audit criteria are being met. Audits
must be objective, impartial, and independent, and the audit
process must be both systematic and documented.
There are three types of audits: first-party,
second-party, and
third-party audits. First-party audits are internal audits. Second
and third party audits are external audits.
Organizations use first party (internal)
audits to audit themselves
for internal purposes. However, you don’t have to do them yourself.
You can ask an external organization to carry out an internal audit
on behalf of your organization. You can also use first party audits
to declare that your organization complies with the ISO 9001
standard (a self-declaration).
Second party audits are external
audits. They’re usually done by
customers or by others on their behalf. However, they can also be
done by any external party that has an interest in your organization.
Third party audits are external audits
as well. However, they’re
performed by independent (disinterested) external organizations.
Third party audits are used to
determine whether or not an
organization complies with the ISO 9001 standard. Third party
auditors are referred to as registrars or certification bodies. |
|
Audit criteria
Audit criteria include policies, procedures,
and requirements.
Audit evidence is used to determine how well such audit criteria
are being met. Audit evidence
is used to determine how well
policies are being implemented,
how well procedures are
being applied, and how well
requirements are being met. |
|
Auditee An auditee is an
organization that is being audited. Organizations
include companies,
corporations, enterprises, firms, charities,
associations, and institutions (or some combination of these).
Organizations can be either incorporated or unincorporated
and can be privately or publicly owned. |
|
Audit evidence
Audit
evidence includes records, factual statements, and other
verifiable information that is related to the audit criteria being
used.
Audit criteria include policies, procedures, and requirements.
Audit evidence can be either
qualitative or quantitative.
Objective evidence is data that shows or proves that
something exists or is true. |
|
Audit findings
Audit findings result from a process that
evaluates audit
evidence and compares it against audit criteria. Audit findings
can show that audit criteria are being met (conformity) or that
they are not being met (nonconformity). They can also identify
improvement opportunities. Audit findings are used to assess
the effectiveness of the quality management system and to
identify opportunities for improvement.
Audit evidence includes records,
factual statements, and other
verifiable information that is related to the audit criteria being
used.
Audit criteria include policies, procedures, and requirements. |
|
Auditor In the context of this
quality management standard, an auditor
is a person who collects evidence in order to evaluate how well
quality management systems meet requirements.
Auditors are expected to determine
whether quality management
systems comply with standards and other planned arrangements.
They must also be able to determine whether quality management
systems are properly implemented and maintained. And they must
be able to do all of this while being independent, objective,
impartial, and competent. |
|
Audit plan An audit plan
specifies how you intend to conduct a particular
audit. It describes the activities you intend to carry out and the
arrangements you intend to make.
An audit is an evidence gathering
process. Audit evidence
is used to evaluate how well audit criteria are being met. |
|
Audit scope The scope of an
audit is a statement that specifies the focus,
extent, and boundary of a particular audit. The scope of an audit
is generally defined by specifying the physical location of the audit,
the organizational units that will be examined, the processes and
activities that will be included, and the time period that will be
covered. |
|
Characteristic
A characteristic is a distinctive feature or
property of something.
Characteristics can be
inherent or
assigned. An inherent
characteristic exists in something or is a permanent feature
of something, while an assigned characteristic is a feature
that is attributed or attached to something. |
|
Concession A concession
is a special approval that is granted to release
a nonconforming product for use or delivery. Concessions are
usually limited by
time and
quantity and tend to specify
that
nonconforming characteristics may not violate specified limits. |
|
Conformity In the context of
this standard, to conform means to meet
or comply with
requirements. There are many
types of
requirements. There are quality requirements, customer
requirements,
product requirements, management
requirements, legal requirements, and so on.
Requirements can be explicitly specified
(like the ISO 9001
requirements) or implied. A specified requirement is one
that
has been stated (in a document, for example). When your
organization meets a requirement, you can say that it
conforms to that requirement. |
|
Continual improvement
Continual improvement is a set of
activities that an organization
periodically carries out in order to
enhance its ability to meet
requirements.
Continual improvements
can be achieved by
carrying out audits (and using audit findings and conclusions),
performing management reviews,
analyzing data, setting
objectives, and implementing corrective and preventive actions. |
|
Correction A correction
is any action that is taken to eliminate a
nonconformity. However, corrections do not address
causes. When applied to products, corrections can
include reworking products, reprocessing them,
regrading them, assigning them to a different
use, or simply destroying them. |
|
Corrective action
Corrective
actions are steps that are taken to remove the
causes of an existing
nonconformity or undesirable situation.
The corrective action process is designed to prevent the
recurrence
of nonconformities or
undesirable situations. It tries to make sure
that existing nonconformities
and situations don’t happen again.
It tries to prevent recurrence
by eliminating causes. Corrective
actions address actual problems. Because of this, the
corrective
action process can be thought of as a problem solving process. |
|
Customer A customer is
anyone who receives products or services from a
supplier organization. Customers can be people or organizations
and can be either external or internal to the supplier organization.
For example, a factory may supply products or services to another
factory (customer) within the
same organization. According to
ISO 9000, examples of customers include clients, consumers,
end-users, purchasers, retailers, and beneficiaries. |
|
Customer satisfaction
Customer satisfaction is a perception. It
is also a question of
degree. It can vary from high satisfaction to low satisfaction.
If customers believe that you've met their requirements, they
experience high satisfaction. If they believe that you've not
met their requirements, they experience low satisfaction.
Since satisfaction is a
perception, customers may not
be
satisfied even though you’ve met all contractual requirements.
Just because you haven’t received any complaints doesn’t
mean that customers are satisfied.
There are many ways to monitor and measure
customer
satisfaction. You can use customer satisfaction and opinion
surveys; you can collect product quality data (post delivery),
track warranty claims, examine dealer reports, study customer
compliments and criticisms, and analyze lost business
opportunities. |
|
Design and development
Design and development is a process (or a
set of processes).
This process uses resources to transform requirements (inputs)
into characteristics or specifications (outputs) for products,
processes, and systems.
You may treat design and development
as different stages
of a single integrated design and development process or
you may treat design and development as two (or more)
separate processes. You may also use the terms design
and development interchangeably if they mean the
same thing in your organization. |
|
Design and development review
Design and development review is a set of
activities whose purpose
is to evaluate the suitability, adequacy, effectiveness, and sometimes
the efficiency of a set of characteristics or specifications.
Design and
development review can be used to evaluate product, process, and
system characteristics or specifications. In this context, an
effective
set of characteristics or specifications is one that has the potential
to achieve planned results or realize planned activities. |
|
Design and development
validation Design and
development validation is a process. This process uses
objective evidence to confirm that products meet the requirements
which define their intended use or application. Whenever specified
requirements have been met, a validated status is achieved. The
process of validation can be carried out under realistic use
conditions or within a simulated use environment. |
|
Design and development
verification Design and
development verification is a process. It uses objective
evidence to confirm that design
and development outputs meet
design and development input requirements. Whenever specified
input requirements have been met, a verified status is
achieved. |
|
Effectiveness
Effectiveness refers to the degree to which
a planned effect is
achieved. Planned activities are effective if these activities
are
realized. Similarly, planned results are effective if these
results
are actually achieved.
For example, an effective process is
one that realizes planned
activities and achieves planned results. Similarly, an effective
set
of characteristics or specifications is one that has the potential
to
realize planned activities and achieve planned results |
|
Efficiency Efficiency is
a relationship between results achieved (outputs) and
resources used (inputs). Efficiency can be enhanced by
achieving
more with the same or fewer resources. The efficiency of a
process
or system can be enhanced by achieving more or getting better
results (outputs) with the same or fewer resources (inputs). |
|
Infrastructure
The term infrastructure refers to the entire
system of facilities,
equipment, and services that an organization needs in order to
function. According to ISO 9001, Part 6.3, the term infrastructure
includes buildings and workspaces (including related utilities),
process equipment (both hardware and software), support
services (such as transportation and communications),
and information systems. |
|
Inspection Inspections
use observation, measurement, testing and
judgment to evaluate conformity.
Inspection
results are
compared with specified requirements in order to establish
whether conformity has been achieved. Product inspections
compare product characteristics with product requirements
in order to evaluate conformity. |
|
Interested party
An interested party is a person or group
that has a stake in the
success or performance of another organization. Interested parties
may be directly affected by the organization or actively concerned
about its performance. Interested parties can come from inside
or
outside of the organization. Examples of interested parties can
include customers, suppliers, owners, partners, employees,
unions, bankers, or members of the general public. |
|
Internal audit
Internal audits are referred to as
first-party audits. Organizations
use internal (first party) audits
to audit themselves for internal
purposes. However, you don’t have to do them yourself. You can
ask an external organization to carry out an internal audit on
behalf
of your organization. You can use first party audits to declare that
your organization complies with the ISO 9001 standard. This is
called a self-declaration. |
|
Management The term
management refers to all the activities that are used
to coordinate, direct, and control an organization. In this context,
the term management does not refer to people. It refers
to activities.
ISO 9000 uses the term top management to refer to people. |
|
Management review
The overall purpose of a management review
is to evaluate the
suitability, adequacy, and effectiveness of an organization's quality
management system, and to look for improvement opportunities.
Management reviews are also used to
identify and assess
opportunities to change an organization’s quality policy and
quality objectives, to address resource needs, and to look for
opportunities to improve its products. |
|
Management system
A management system is a set of interrelated
or interacting
elements that organizations use to implement policy and
achieve objectives.
There are many types of management systems.
Some of
these include quality management systems, environmental
management systems, emergency management systems, food
safety management systems, occupational health and safety
management systems, information security management
systems, and business continuity management systems. |
|
Measuring equipment
In the context of this standard, measuring
equipment includes all
the things that are needed to carry out a
measurement process.
Accordingly, measuring equipment includes measuring instruments
and apparatuses as well as all the associated software, standards,
and reference materials. |
|
Nonconforming product
When one or more
characteristics of a product fail to meet
specified requirements, it is referred to as a nonconforming
product.
When a product deviates from specified product requirements, it
fails to conform. Nonconformity products must be identified and
controlled to prevent unintended use or delivery.
A product is the output of a process.
Products can be tangible
or intangible. ISO 9000 lists four generic product categories:
services, software, hardware, and processed materials. |
|
Nonconformity
Nonconformity refers to a failure to comply
with requirements.
A requirement is a need, expectation, or obligation. It can be
stated or implied by an organization, its customers, or other
interested parties.
There are many types of requirements.
Some of these
include quality requirements, customer requirements,
management requirements, product requirements, and
legal requirements. Whenever your organization fails to
meet one of these requirements, a nonconformity occurs.
ISO 9001 lists quality management system
requirements.
When your organization deviates from these requirements,
a nonconformity occurs. |
|
Objective evidence
Objective evidence is data that shows or proves
that
something exists or is true. Objective evidence can be
collected by performing observations, measurements,
tests, or by using any other suitable method. |
|
Outsourced process
An outsourced process is any process that is
part of your
organization’s quality
management system (QMS) but is
performed by a party that is external to your organization.
According to ISO 9001, you must identify and
control your
outsourced processes,
and you must ensure that each
outsourced process is effective. You also need to figure
out how to control the interaction between internal and
outsourced processes.
A process is a set of activities that
are interrelated or that
interact with one another. Processes use resources to
transform inputs into outputs.
According to ISO/TC 176/SC 2/N526R,
“the terms subcontract and
outsource are interchangeable and have the same meaning”. |
|
Preventive action
Preventive actions are steps that are taken
to remove the
causes of potential nonconformities or potential
situations
that are undesirable.
The preventive action process is
designed to prevent the
occurrence of nonconformities or situations that do not yet
exist. It tries to prevent occurrence by eliminating causes.
While corrective actions prevent
recurrence, preventive
actions prevent occurrence. Both types of actions are
intended to prevent nonconformities.
Preventive actions address potential
problems, ones that
haven't yet occurred. In general, the
preventive action
process can be thought of as a risk analysis process. |
|
Procedure A procedure is
a way of carrying out a process or activity.
According to ISO 9000,
procedures may or may
not be
documented. However, in most cases, ISO 9001 expects
you to document your procedures.
Documented procedures can be very
general or very detailed,
or anywhere in between. While a general procedure could take
the form of a simple flow diagram, a detailed procedure could
be a one page form or it could be several pages of text.
A detailed procedure defines and
controls the work that should
be done, and explains how it
should be done, who should do
it, and under what circumstances. In addition, it explains what
authority and what responsibility
has been allocated, which
inputs should be used, and what outputs should be generated. |
|
Process A process is a
set of activities that are interrelated or that
interact with one another.
Processes use resources to
transform inputs into outputs. Processes are interconnected
because the output from one process becomes the input for
another process. In effect, processes are “glued” together
by means of such input output relationships.
Organizational processes should be
planned and carried out
under controlled conditions. An effective process is one that
realizes planned activities and achieves planned results. |
|
Process approach
The process approach is a management
strategy. When
managers use a process approach, it means that they manage
the processes that make up their organization, the interaction
between
these processes, and the inputs and outputs that
tie these processes together. |
|
Process-based
quality management system (QMS)
A process-based quality management system
uses
a
process approach to manage and control how its quality
policy is implemented and how its quality objectives are
achieved. A process-based QMS is a network of
interrelated and interconnected processes.
Each process uses resources to transform
inputs into outputs.
Since the output of one process becomes the input of another
process, processes interact and are interrelated by means of
such input-output relationships. These process interactions
create a single integrated process-based QMS.
The concept of a “process-based
quality management system”
is briefly mentioned in the introduction to ISO 9001 (section 0.2).
However, ISO 9000 does not formally define this important term
so we've
given it a try. |
|
Product A product is the
output of a process. Products can be tangible
or intangible. ISO 9000 lists four generic
product categories:
services, software, hardware, and processed materials. Many
products combine several of these categories. For example,
an automobile (a product) combines hardware (e.g. tires),
software (e.g. engine control algorithms), and processed
materials (e.g. lubricants).
Service is always the result of an
interaction between a
service supplier and a customer and can take many forms.
Service can be provided to support an organization’s own
products (e.g. warranty
service or the
serving of meals).
Conversely, service can be provided for a product supplied
by a customer (e.g. a repair service or a delivery service).
Service can also involve
the provision of an intangible
thing to a customer (e.g. entertainment, transportation,
or advice). While software is intangible, and includes
things like approaches and procedures, hardware
and processed materials are tangible and are often
referred to as goods. |
|
Product inspection
Product inspection is an activity that
compares product
characteristics with product requirements in order to evaluate
conformity. More precisely, a product inspection compares one
or more characteristics of a product with specified requirements
in order to determine if the product meets these requirements.
Product inspections use observation, measurement, testing
and judgment to evaluate conformity. |
|
Product realization
A product starts out as an idea. The idea is
realized or actualized
by following a set of product
realization processes.
Product
realization refers to all the processes that are used to
bring
products into being. |
|
Quality The quality of
something can be determined by comparing
a set of inherent characteristics with a set of requirements.
If those inherent characteristics meet all requirements, high
or excellent quality is achieved. If those characteristics do
not meet all requirements, a low or poor level of quality
is achieved.
Quality
is, therefore, a question of degree.
As a result,
the central quality question
is: How well does this set of
inherent characteristics comply with this set of requirements?
In short, the quality of something depends on a set of inherent
characteristics and a set of
requirements and how
well the former complies with the latter.
According to this definition, quality
is a relative concept.
By linking quality to requirements, ISO 9000 argues that the
quality of something cannot be established in a vacuum.
Quality is always relative to a set of requirements. |
|
Quality assurance (QA)
Quality assurance is a set of
activities intended to establish
confidence that quality requirements will be met. QA is one
part of quality management. |
|
Quality characteristic
A quality characteristic is tied to a
requirement and is an inherent
feature or property of a product, process, or system.
A requirement is a need, expectation,
or obligation. It can be stated
or implied by an
organization, its customers, or
other interested
parties. An inherent feature or property exists in something
or is a permanent characteristic of something. |
|
Quality control
Quality control is a set of activities
intended to ensure that
quality requirements are actually being met. Quality control
is one part of quality management. |
|
Quality improvement
Quality improvement refers to anything that
enhances an
organization's ability to meet quality requirements. Quality
improvement is one part of quality management. |
|
Quality management
Quality management includes all the
activities that organizations
use to direct, control, and coordinate
quality. These activities
include formulating a quality policy and setting quality objectives.
They also include quality planning, quality control, quality
assurance, and quality improvement. |
|
Quality management system
(QMS) A quality management
system is a set of interrelated or interacting
elements that organizations use to direct and control how quality
policies are implemented and quality objectives are achieved.
A process-based QMS uses a process
approach to manage
and control how its quality policy is implemented and quality
objectives are achieved. A process-based QMS is a network
of many interrelated and interconnected processes (elements).
Each process uses resources to transform
inputs into outputs.
Since the output of one process becomes the input of another
process, processes interact and are interrelated by means of
such input-output relationships. These process interactions
create a single process-based QMS. |
|
Quality manual
A quality manual documents an organization's
quality
management system (QMS). It can be a paper manual
or an
electronic manual. According to ISO 9001, your
quality manual should:
- Define the scope of your QMS.
- Explain reductions in the scope of your
QMS.
- Justify all exclusions (reductions in
scope).
- Describe how your QMS processes interact.
- Document your quality procedures or refer
to them.
|
|
Quality planning
Quality planning involves setting quality
objectives and then
specifying the operational processes and resources that will
be needed to achieve those objectives. Quality planning is
one part of quality management. |
|
Quality plan A quality plan
is a document that is used to specify the procedures
and resources that will be needed to carry out a project, perform a
process, realize a product, or manage a contract. Quality plans
also specify who will do what and when. |
|
Quality policy
An organization’s quality policy defines top
management’s
commitment to quality. A quality policy statement should
describe an organization’s general quality orientation
and clarify its basic intentions.
Quality policies should be used to
generate quality objectives
and should serve as a general framework for action.
Quality
policies can be based on
the ISO 9000 Quality Management
Principles and should be consistent with
the organization’s
other policies. |
|
Quality objectives
A quality objective is a quality oriented
goal. A quality
objective is something you aim for or try to achieve.
Quality objectives are generally based
on or derived from
your organization’s quality policy and must be consistent
with it. They are usually formulated at all relevant levels
within the organization and for all relevant functions. |
|
Record
A record is a type of document.
Records provide evidence that
activities have been performed or results have been achieved.
They always document the past. Records can, for example, be
used to show that traceability requirements are being met, that
verification is being performed, and that preventive and
corrective actions are being carried out. |
|
Requirement A requirement
is a need, expectation, or obligation. It can be
stated or implied by an organization, its customers, or other
interested parties. A specified
requirement is one that has
been stated (in a document for example), whereas an implied
requirement is a need, expectation, or obligation that is
common practice or customary.
There are many types of requirements.
Some of these include
quality requirements, customer requirements, management
requirements, product requirements, and legal requirements. |
|
Review
A review is an activity. Its purpose is
to figure out how well
the thing being reviewed is capable of achieving established
objectives. Reviews ask the following question: is the subject
of the review a suitable, adequate, effective, and efficient way
of achieving your organization’s objectives?
There are many kinds of reviews. Some
of these include
management reviews, design and
development reviews,
customer requirement reviews, and nonconformity reviews.
Relative to the previous types of reviews, the focus of each
review is as follows: quality management systems, design
characteristics and specifications, customer requirements,
and nonconformities, respectively. |
|
Service According to ISO 9000,
a service is a type of product. Service is
always the result of an activity or interaction between a service
supplier and a customer and can take many forms.
Service can be provided to support an
organization’s own
products (e.g. warranty
service or the serving of
meals).
Conversely, service can be provided for a product supplied
by a customer (e.g. a repair service
or a delivery service).
Service can also involve the provision of an intangible thing
to a customer (e.g. entertainment, transportation, or advice). |
|
Special process
A special process is any production or
service delivery process
that generates outputs that cannot be measured, monitored, or
verified until it's too late. It's often too late because deficiencies
may not be obvious until after the resulting products have been
used or services have been delivered. In order to prevent output
deficiencies, these special processes must be validated in
order
to prove that they can generate planned results. |
|
Standard A standard is a
document. It is a set of rules that control how
people develop and manage materials, products, services,
technologies, processes, and systems.
ISO's
standards are agreements. ISO refers to them as
agreements because its members must agree on content and
give formal approval before they are published. ISO standards
are developed by technical committees. Members of these
committees come from many countries. Therefore, ISO
standards tend to have very broad support. |
|
Supplier A supplier is a
person or an organization that provides products.
Suppliers can be either
internal or external to the organization.
Internal suppliers
provide products to people within their own
organization while external
suppliers provide products to other
organizations. Examples of suppliers include organizations and
people who produce, distribute, or sell products, provide
services, or publish information. |
|
Top management
When ISO 9001 uses the term top management
it is referring
to a person or a group of people at the
highest level within
an
organization. It refers to the people who coordinate, direct,
and control organizations.
The term management refers to all the
activities that are used
to coordinate, direct, and control an
organization. The term
management does not refer to
people. It refers to activities. |
|
Traceability Traceability
is the ability to identify and trace the history,
distribution, location, and application of products, parts, and
materials. A traceability system records and follows the trail
as
products, parts, and materials come from suppliers and are
processed and ultimately distributed as end products. |
|
Validation Validation is
a process. It uses objective evidence to confirm that
the requirements which define an intended use or application have
been met. Whenever all requirements have been met, a validated
status is achieved. The process of validation can be
carried out
under realistic use conditions or within a simulated use
environment.
In the context of this standard, the term
validation is used in
at least two different situations: design and development and
production and service provision. Design and development
validations use objective evidence to confirm that products
meet the requirements which define their intended use
or application.
Production and service provision processes
must be validated
whenever process outputs cannot be measured, monitored, or
verified until after the
product is in use or the service has been
delivered (by then it’s too late to do
anything about output
deficiencies and defects). In this case, validations use
objective
evidence to confirm that production and service provision
processes are capable of producing planned results. |
|
Verification Verification
is a process. It uses objective evidence to confirm
that specified requirements have been met. Whenever specified
requirements have been met, a verified status is achieved.
In the context of this standard, the term
verification is used in
at least two different situations: design and development and
purchasing. Design and development verifications use objective
evidence to confirm that design and development outputs meet
specified input requirements. Similarly, objective evidence must
be used to verify or confirm that purchased products
meet
specified purchasing requirements.
There are many ways to verify that
requirements have been met.
For example, you could do tests, perform demonstrations, carry
out alternative calculations, compare a new design specification
with a proven design specification, or you could inspect
documents before you issue them. |
|
Work environment
The term work environment refers to working
conditions. It
refers to all of the conditions and factors that influence work.
In general, these include physical, social, psychological, and
environmental conditions and factors.
Work environment
includes lighting, temperature, and noise factors, as well as
the whole range of ergonomic
influences. It also includes
things like supervisory practices
as well as reward and
recognition programs. All of these things influence work. |
