ISO 9001 System Review
Now that the management system processes have been defined and associated documentation has been drafted, it is time to finish implementing the system including approval and release of all system documentation, along with completion of quality system training activities.
ISO 9001 Process & Documentation Review
So, at this point, you should have all ISO 9001 management system processes developed and associated documentation drafted and ready to go. Before moving forward with implementation activities, perhaps one final review of the processes and documentation would be beneficial. So much can change during the weeks or even months since the first process documentation was developed and you may find significant disconnects and misalignment from the initial work to creation of the latest processes and documents. A second set of eyes and full ISO 9001 system review will always find something to be corrected, changed, or improved.
Find some other appropriate personnel in the organization to review your established management system processes and documentation. Challenge the reviewers to look for things that don’t align, especially the linkages and actions between different processes. If needed, gather certain cross-functional personnel to complete a group design review of the different interconnected processes and find opportunities for improvement. Use whatever method works for you to ensure that all the processes you developed are still appropriate and effective before release and implementation. Consider the steps below to complete this activity:
- Define Review Requirements: Determine what is to be reviewed, who will complete the review, and what methods will be used. Also determine how the results of the review will be captured and reported. In most cases issues should be reported to Quality and the appropriate process owners.
- Assign Responsibilities: Determine and assign responsibilities for reviewing processes and documentation. Be sure to clearly communicate the review methods and expectations to all persons involved.
- Execute Review: Complete all review activities ensuring that all issues are captured and communicated to appropriate personnel.
- Address Issues: Update processes and process documentation to address all identified issues.
If significant process changes are made, it might be good to complete a follow up review to ensure new issues weren’t created.
Management System Training
Before you release your process documentation and officially implement your management system, all required training should be completed to address any competency, knowledge, or awareness gaps. Our article, Implementing ISO 9001 Support Processes, discussed the methods and tools for managing competency and training activities. You should have also started the process of defining competency requirements and identifying existing competency gaps. At this time, complete any assessments to bring the competency requirements and gap analysis current. Consider any new management system processes established and define all new training that is now needed.
Based on your gap analysis, develop a plan to address training deficiencies and ensure that all company personnel have the appropriate knowledge, understanding, and skills to effectively fulfill their duties and function within the ISO 9001 management system. Some training can be implemented later if the process won’t be released and utilized immediately, such as Management Review or Internal Audit. Just ensure that personnel involved with a specific process are trained prior to releasing and executing the process and that training records show training was completed and effective.
Consider developing a training program that covers all the core ISO 9001 processes that affect all employees (Documented Information, Nonconformity & Corrective Action, Control of Nonconforming Outputs, Organizational Knowledge, etc.). This will allow you to cover multiple processes with large audiences relatively quickly. This program can be recycled as a periodic refresher or to train new employees as part of their initial orientation training requirements.
In the same vain, develop additional detailed training programs to cover these or other processes in greater detail and with narrower audiences as needed. As an example, the entire organization is trained on the basics of Documented Information (what it is, how to access documentation, how to initiate or suggest a change, etc.) while detailed training for process owners would impart information on how to initiate and implement a new document or document revisions.
Also, you can delegate training downstream to functional area management where it makes sense. For instance, the Engineering Manager could be responsible for training the entire engineering department on design & development processes and maintaining appropriate records. This isn’t required and if you prefer to execute training and maintain records from a central office, you are welcome to do so. If you do decide to delegate training throughout the organization, make sure all functional personnel responsible for training activities are trained on the competency and training processes (train the trainer).
Review, Approval, & Release of Documentation
Now that training is complete, and everyone knows what to do and how to do it, you can approve and release your management system documentation. ISO 9001 states that documentation must be reviewed and approved for suitability and adequacy prior to release. In other words, is the documentation appropriate for its intended use and does it effectively represent and explain the process.
Your documented information process should define the methods for completing a formal review, approval, and release of maintained documented information. This might involve a more manual paper-based process to obtain required document approvals or if you have implemented some type of ISO 9001 software, this will probably be accomplished through electronic workflows. The key is to ensure that the appropriate personal get a chance to review the final documentation and grant their approval prior to releasing the documents for use throughout the organization. Whoever completes the approval should be appropriate for the process being approved. For instance, someone from Engineering should approve all design and development documentation.
Once a document is approved, it now becomes available for release to the organization for use. We recommend that you release documents and processes in a control systematic manner which ensures that appropriate personnel are aware of the release and newly established process, and that the process must be followed and executed according to the documentation. At this point, all applicable employees should have completed all necessary training on the process, however, training verification may still be pending or in-process, depending on the nature of the verification requirements. Make sure that release of a process is aligned with the release of other processes that are linked or dependent on each other. As an example, Nonconformity & Corrective Action should be released prior to or at the same time as Control of Nonconforming Outputs as they are interdependent.
Note that in some cases, training doesn’t need to be completed prior to release of documentation. An example of this would be Management Review. You could release your management review process prior to the initial management review meeting as long as all members of the management review team are trained prior to the initial management review meeting. You could even start the initial management review meeting with training on the process then proceed with the meeting, which could be considered actual “on-the-job” training. Just be sure that personnel are not executing processes where required training has not yet been completed and competency demonstrated.
Our next article will discuss an opportunity to “pilot” the management system. This soft-launch provides an opportunity to test drive the management system, determine and discover certain aspects of the system that aren’t working as designed or desired, and make changes and improvements prior to the official system launch. Also, while the approach described in this lesson assumes a mass one-time release of the management system processes and documentation, it is certainly acceptable to release your system documentation systematically over time. Again, just be careful not to release documentation that is dependent on other processes prior to those supporting processes being released.
Note that your approval activities can be independent of the release triggers and dates. You can obtain approval for any process documentation, then hold that documentation indefinitely and release it for use at some other appropriate time in the future. You could obtain approval for Control of Nonconforming Outputs on May 1st, but not release it until Nonconformity & Corrective Action documents were approved and released on May 15th.
Prior to launching the ISO 9001 management system, all documentation should be reviewed, revised where needed, and approved. Reviews and approvals should be documented, and documentation released through an established document control system. Note that your document control process will need to be approved and released prior to all other documents.
Before releasing process documentation for implementation and use, be sure to complete and document any training needed to address any competency gaps. Consider using the system pilot methods described in the next article to evaluated and improve system performance prior to formal launch. A diligent and thorough ISO 9001 system review will help ensure your management system is ready to launch and avoid significant changes and rework following the launch.