ISO 9001/TICKIT PROCEDURES FOR
This page describes some simple procedures for work outside development projects, which are required by ISO 9001 / TickIT. The intention is that the readers should understand the requirements, and be able to prepare their own procedures.
Information about further procedures will be added.
Corrective and preventive action (ISO 9001 para 4.14)
Internal Quality Audits (ISO 9001 para 4.17)
CORRECTIVE AND PREVENTIVE ACTION
Preventive action means to systematically use available information about deficiencies and problems to decide how the current competences, procedures and practices should be changed to prevent recurrence of the same or similar deficiencies or problems.
Corrective action means a systematic way to ensure that decided preventive actions and improvements of the current competences, procedures and practices are implemented. Input may come from preventive action, quality audits, suggestions from staff, customer complaints e.t.c.
Procedures for preventive and corrective action should ensure
that all problem reports are analyzed for actions to prevent recurrence and similar problems, and
that decided corrective and preventive actions are implemented.
For example, the preventive action part might be that procedures for error handling require that copies of all problem reports be sent to an appointed person. That person would then be required to analyze the reports and, when suitable, initiate corrective action. The analysis and decision may simply be recorded on the form used for reporting the error.
The corrective action procedure might consist of an "action list" with assigned responsibilities, which is regularly checked, for example in a suitable weekly meeting. Someone must be appointed as responsible for maintaining the action list, and receiving input for corrective action. A decision is then made by e.g. a management meeting, as to what input should be added to the action list. A working system for corrective action can be a very useful tool when introducing procedures step by step. Instead of starting improvement projects, management may decide about individual procedures, assign responsible, and then enter the decision into the ordinary corrective action system. The follow-up and control will then be done in the existing process, which is already running.
INTERNAL QUALITY AUDITS
Internal quality audits are management's tool for ensuring
that the staff are following the procedures of the organisation
that these procedures give the intended results
that all needed procedures exist and are documented
Each part of an internal quality audits is performed by an independent person (outside the organisation which is audited).
Internal quality audits shall be planned activities. There shall exist a plan for the audits to be done during a certain time period, t.g. the next 12 months. Such a plan might consist of a table with the different parts of the organisation as in the columns, and the different parts of the quality system in the rows. For all parts of the organisation, where a quality audit is planned, there should be a date in the box for each part of the quality system to be audited. Example of part of such a plan:
2. Steering fora
4. Document control
The procedure for quality audit should then describe
The aim for the audits (see above), including follow-up on reports from previous audits.
Minimum auditor qualifications. There are training courses available for quality auditors. The TickIT training might be a suitable level.
The requirement for independence of auditors, and how to meet it. For example, persons from different parts of the organisation might audit each other's organisations.
An audit report should contain the following:
Who did the audit, and when
What organisational unit was audited
Follow-up of findings in previous audit reports
Who were interviewed
What documents were studied
What faults were found
For each fault, its kind, e.g. violation of a certain rule, unsuitable procedure, lacking procedure etc.
The audit report should be signed by the auditor. No other approval is needed.
The procedure should say how it is ensured that actions are taken on the audit findings. For example, the audit report might be delivered to a certain person or organisational unit in order to be entered into the corrective and preventive action system.