Using ISO  parlance, a management system is designed to achieve objectives.   In the case of a quality management system (QMS) the most basic objective is to succeed by satisfying customers.  A QMS is a system designed to satisfy customers by providing them with timely, quality products and services.

A QMS is composed of processes impacting an organization’s ability to fulfill customer requirements.  Two types of processes  compose a QMS: core processes (or primary, realization, or operational processes) and support processes.  Core processes in a sense define what an organization does for a living, while support processes are in place to help assure the effective, efficient operation of the core processes (like a training process).

While a management system is composed of processes working together to system objectives, each process is composed of activities working together to achieve process objectives.  Using ISO parlance, “activity” is the lowest level of system definition. Each organization can further break activities down into components as they deem fit.  These sub-activities would still be part of their respective activities, which would be part of their process.

Each process needed for a management system to operate is viewed in the same way: as a series of activities transforming inputs into outputs.  Taken together, these processes—a combination of operational (core) processes and support processes—ARE the management system of an organization.

A PRE-EXISTING CONDITION
When ISO 9001 registration becomes a goal, organizations are often tempted to adopt management system documentation to “get certified,” resulting in out-of-the-box documentation pandering to the requirements of the standard itself.  This approach ignores the processes that were already operating to output quality products and services in favor of adopting unfamiliar management system documentation merely responding to individual requirements of ISO 9001.

This invites management to define their management systems as being something other than those already operating to keep the organizations in business.

When ISO 9001 came along, the idea of viewing core operations as distinct processes and documenting them accordingly was cast aside in favor of documentation matching the standard. It seemed to be the quick, easy solution, but many are unhappy with their defined management systems as a result.

As it turns out, the easiest, most cost effective, and most sensible route to registration is to recognize “getting the certificate” as being a secondary objective. The primary objective is to define an operable system—one that works—to promote consistency in operations, meaningful performance monitoring, and effective improvement to optimum performance. Of course, this is nothing more than plan-do-check-act (PDCA).  PDCA applies to real life processes and systems, not to systems of documents pandering to the requirements of ISO 9001.

MANAGEMENT SYSTEM DOCUMENTATION
From an organizational perspective, the PDCA cycle is working away at all functions and levels of an organization’s operations.  It doesn’t merely operate at the upper levels.  At the lowest levels, where the rubber meets the road, personnel naturally strive to make their activities more effective and efficient, thereby improving how they do it next time over how they did it last time.

The objective of management system documentation isn’t first to demonstrate conformity to ISO 9001, but to define the system and internal processing requirements to help assure quality and to apply PDCA.  Each procedure serves as a process plan subject to improvement via application of he DCA phases of PDCA.

Processing requirements (“the proper way to do it” or “the plan”) can be expressed in a variety of formats, even multiple formats to accommodate various levels and functions of operations.  A typical structure for management system documentation consists of three levels coinciding with functions the documentation.

A TYPICAL THREE TIER SYSTEM
The following diagram offers a graphical representation of this three-tier model. While the standard doesn’t require this typical structure, it often makes good sense.  Notice PDCA is applicable at all levels of processing:

Records resulting from operations, per this model, are often regarded as fourth level documentation.

First level management system documentation (often a “Quality Manual”) is designed to provide an overview of the system in operation.  It establishes what the system is designed to output in terms of the organization’s scope of supply.  It describes what processes are needed for the system to function, i.e., output quality products and services to customers within the organization’s scope of supply.

This level of documentation is often described as being the policy level.   It establishes the policies that are implemented by the next level of documentation.

Second level management system documentation (often “QMS procedures, “system procedures,” or just “procedures”) ties the policies to the shop floor by specifying how operations are conducted in support of the policies.  Accordingly, for each core or support process identified as being needed for the system, a procedure describes management’s planned arrangements for carrying out that process.

This level of documentation provides a description of a process, conveying the sequence and interaction of processing activities so it’s clear how they operate together to result in process outputs.  Procedures specify how management wants a process to be carried out, yet this level of documentation doesn’t necessarily state precisely how activities are supposed to be carried out.

Where documentation is needed in this level of detail, it’s called, you guessed it, third level documentation.

Whether or not work instructions supporting activities are needed depends on the context of processing.  Depending on the risk involved, very specific work instructions might be required to assure conformity of processing and the resulting product.  For example, we would expect work instructions for heart implant assembly to be very detailed and robust to assure product conformity and safety.

On the other hand, simple on-the-job training might be adequate to control activities in a different context, say, in the case of a simple service job like bussing tables—where the risk of customer dissatisfaction is low and safety isn’t a deep concern.

Organizations commonly use forms to capture processing data, or charts or tables to convey information needed by personnel, or blueprints, wiring diagrams, etc., for instructing personnel or for product acceptance.  According to this model, all of these represent third level documentation.

CONFORMITY ASSESSMENT
Levels one and two can be collectively considered system documentation.  Together, they define the system and its operation.  This is the level at which conformity to ISO 9001 is demonstrated during assessment.

Third level documentation results from operation of the defined system.  Third-level documentation and records are usually reviewed by auditors during on-site auditing.

FINAL WORDS
ISO 9001:2008, 0.1, General, says “The adoption of a quality management system should be a strategic decision of an organization.”  The draft international standard (DIS), 0.1, General says almost the same thing: “The adoption of a quality management system ought to be a strategic decision for an organization.”

A QMS isn’t supposed to be raised in an effort to achieve ISO 9001 registration; it’s supposed to be raised to systemically improve performance to optimal levels from a business management perspective.  One clear objective for many companies is to succeed by doing a good job relative to the ever-improving competition.  A good management system will help any company remain a supplier of choice to it customers.

Bio:

T. D. (“Dan”) Nelson has been closely involved with ISO 9000 since 1994 as a technical writer, quality manager, management representative, consultant, author, and CB auditor. Holding an MA in Business Administration from the University of Iowa, Dan also has 12 years of experience as an IRCA-certified QMS Lead or Principal Auditor, conducting registration audits and surveillance audits, and training Lead Auditor candidates in accredited courses. Using a process approach, Dan has taken several scores of clients of various shapes and sizes through registration to ISO 9001:1994/2000/2008 and related sector schemes (e.g. QS 9000, AS9100, ISO 13485, and ISO 17025). Dan’s numerous articles about the process approach have also been published by Quality Digest, Inside Quality, ASQ’s Quality Management Division, the Society for Manufacturing Engineers (SME), and the South African Quality Institute (SAQI); Dan has been featured as a guest blogger by RABQSA, and has been featured on Quality Digest Live.  Dan is available for management consulting, training, and coaching, as well as auditor training and coaching. Contact:                   dan@tdnelson.com                  720 412 7994