|
An audit is a systematic evidence
gathering process. Audits must be
independent and evidence must be evaluated
objectively to determine
how well audit criteria are being met. There are three types of audits:
first-party, second-party, and third-party.
First-party audits are internal
audits while second and third party audits are
external audits.
Organizations use first party audits to audit
themselves. First party
audits are used to provide input for management
review and for other
internal purposes. They're also used to declare that
an organization
meets specified requirements (this is called a
self-declaration).
Second party audits are external audits.
They’re usually done by
customers or by others on their behalf. However,
they can also be
done by regulators or any other external party that
has an interest
in an organization. Third
party audits are external audits as well.
However, they’re performed by independent
organizations such
as registrars (certification bodies) or regulators.
ISO also distinguishes between combined
audits and joint audits.
When two or more management systems of different
disciplines are
audited together at the same time, it's called a
combined audit; and
when two or more auditing organizations cooperate to
audit a
single auditee organization it's called a joint
audit.
|
|
Audit criteria
are used as a reference point and include policies,
requirements, and other forms of documented
information. They are
compared against audit evidence to determine how
well they are being
met. Audit evidence is used to determine how well
policies are being
implemented and how well requirements are being
followed.
|
|
Audit evidence includes records,
factual statements, and other verifiable
information that is related to the audit criteria
being used. Audit criteria
include policies, requirements, and other documented
information.
|
|
Audit findings result from a process
that evaluates audit evidence
and compares it against audit criteria. Audit
findings can show that
audit criteria are being met (conformity) or that
they are not being
met (nonconformity). They can also identify best
practices or
improvement opportunities.
|
|
An audit program (or programme)
refers to a set of one or more
audits that are planned and carried out within a
specific time
frame and are intended to achieve a specific audit
purpose.
|
|
A characteristic is a distinctive
feature or property of something.
Characteristics can be inherent or assigned and can
be qualitative
or quantitative. An inherent characteristic exists
in something or is
a permanent feature of something while an assigned
characteristic
is a feature that is attributed or attached to
something.
|
|
Competence means being able to apply
knowledge and skill to
achieve intended results. Being competent
means having the
knowledge and skill that you need and knowing how to
apply
it. Being competent means that you’re qualified to
do the job.
|
|
In the context of ISO 9001, a complaint
refers to an expression of
dissatisfaction with a product or service and is
filed by a customer
and received by an organization. Whenever a customer
lodges a
complaint, a response is either explicitly or
implicitly required.
|
|
A concession is a special approval that is
granted to release a
nonconforming product or service for use or
delivery. Concessions
are usually restricted to a specific use and limited
by time and quantity
and tend to specify that nonconforming
characteristics may not violate
specified limits.
|
|
Conformity is the "fulfillment of a
requirement". To conform means
to meet or comply with requirements and a
requirement is a need,
expectation, or obligation. There are many types of
requirements
including customer
requirements, quality
requirements, quality
management requirements, management requirements,
product
requirements, service requirements, contractual
requirements,
statutory requirements, and regulatory requirements.
|
|
An organization’s context is its
business environment. It includes
all of the internal and external factors and
conditions that affect its
products and services, have an influence on its QMS,
and are
relevant to its purpose and strategic direction.
An organization’s external context
includes all of the needs and
expectations of
interested parties, as well as its social, cultural,
legal, technological, regulatory, and competitive environment.
An organization’s internal
context includes its values,
culture,
knowledge, and performance.
ISO 9001 2015 expects you to consider your
organization’s
internal and external context when you define the
scope of
its QMS and when you plan its design and
development.
|
|
Continual improvement is a set of
recurring activities that are carried
out in order to enhance performance. Continual
improvements can be
achieved by carrying out audits, self-assessments,
and management
reviews. Continual improvements can also be realized
by collecting
data, analyzing information, setting objectives, and
implementing
corrective and preventive actions.
|
|
A contract is a binding agreement
between two or more parties.
|
|
A correction is any action that is
taken to eliminate a nonconformity.
However, corrections do
not address root causes.
When applied to
products, corrections can include reworking
products, reprocessing
them, regrading them, assigning them to a different
use, or simply
destroying them.
|
|
Corrective actions are
steps that are taken to eliminate
the causes of existing nonconformities in order to
prevent
recurrence. The corrective action process tries to
make
sure that existing nonconformities and potentially
undesirable situations don’t happen again.
|
|
A counterfeit part is
an unauthorized copy, imitation, substitute, or
modified version of a genuine product, component, or
material object.
A counterfeit part is knowingly misrepresented as
the genuine part of an original or authorized
manufacturer. Counterfeit parts often have false,
misleading, inaccurate, or fraudulent labels,
markings, serial numbers,
date codes, grades, documentation, or performance
characteristics.
|
|
Items are critical if
they have a major impact on the provision and
use of products and services. Items are critical if
they have a significant
effect on the safety, performance, form, fit,
function, producibility, or life
of products or services. Critical items require
specific actions to ensure
that they are adequately managed. Examples include
key characteristics,
parts, functions, processes, and software. They
include mission critical
items, safety critical items, and fracture critical
items.
|
|
A customer is anyone who receives
products or services (outputs)
from a supplier. Customers
can be either people or organizations
and can be either external or internal to the
supplier organization.
Examples of customers include clients, consumers,
users,
guests, patients, purchasers, and beneficiaries.
|
|
Customer satisfaction is a
perception. It's also a question of degree.
It can vary from high satisfaction
to low satisfaction. If
customers
believe that you've met their requirements,
they experience high
satisfaction. If they believe that you've not met
their requirements,
they experience low satisfaction.
Since satisfaction is a perception, customers
may not be satisfied
even though you’ve met all contractual requirements.
Just because
you haven’t received any complaints doesn’t mean
that customers
are satisfied.
There are many ways to monitor and measure
customer satisfaction.
You can use customer
satisfaction and opinion surveys; you can
collect product quality data (post delivery), track
warranty claims,
examine dealer reports, study customer compliments
and
criticisms, and analyze lost business opportunities.
|
|
The term data is defined as any facts
about an object.
|
|
A defect is a type of
nonconformity. It occurs when a product
or service fails to meet specified or intended use
requirements.
|
|
Design and development is a process
(or a set of processes) that uses
resources to transform general input requirements
for an object into
specific output requirements.
An object is any entity that is
either conceivable or perceivable. Objects
can be real or imaginary and could be material or
immaterial. Examples
include products, services, systems, organizations,
people, practices,
procedures, processes, plans, ideas, documents,
records, methods,
tools, machines, technologies, techniques, and
resources.
|
|
To determine means to find or to
identify the value of a characteristic.
|
|
The term documented
information refers to information
that
must be controlled and
maintained and its
supporting medium.
Documented information can be in any format and on
any medium
and can come from any source.
Documented information includes
information about the management
system and related processes. It also includes all
the information that
organizations need to operate and all the
information that they use
to document the results that they achieve (aka
records).
|
|
Effectiveness refers to the degree
to which a planned effect is achieved.
Planned activities are effective if these activities
are actually carried out
and planned results are effective if these results
are actually achieved.
|
|
The term feedback is used to refer
to a comment or an opinion
expressed about a product or service or an interest
expressed
in a product or a service. It may also be used to
refer to the
customer complaints-handling process itself.
|
|
A function is a role that is
performed by a unit of an organization.
|
|
Improvement is a set of activities
that organizations carry out in
order to enhance performance (get better results).
Improvement
can be achieved by means of a single activity or by
means of a
recurring set of activities.
|
|
Information is “meaningful data”.
While it's not entirely clear what the
word “meaningful” is supposed to mean in this
context, dictionaries
tend to say that something is meaningful if it is
significant, relevant,
material, valid, or important.
|
|
In the context of this ISO 9001 standard, an
information system is
a network of communication channels used within an
organization.
|
|
The term infrastructure refers to
the entire system of facilities,
equipment, and support services that organizations
need in
order to function. According to ISO 9001, section
7.1.3, the
term infrastructure
can include buildings,
equipment,
utilities, and technologies (both hardware and
software).
|
|
Innovation is a process that results
in a new or substantially changed
object. An object is any entity that is either
conceivable or perceivable.
Objects can be real or imaginary and could
be material or immaterial.
Examples include products, services, systems,
organizations, people,
practices, procedures, processes, plans, ideas, documents, records,
methods, machines, tools, technologies, techniques,
and resources.
|
|
An interested party
is anyone who can affect, be affected by, or
believe that they are affected by a decision or
activity. An interested
party is a person, group, or organization
that has an interest or a
stake in a decision or activity.
|
|
A key characteristic is a feature
or an attribute that has a significant
impact when it varies. Whenever a key characteristic
varies, it has an
important effect on the performance, form, fit,
function, producibility,
or service life of the product. Therefore, key
characteristic variations
must be controlled.
|
|
Knowledge is a collection of
information and a justified belief
that this information is true with a high level of
certainty.
|
|
The term management
refers to all the activities
that are used to
coordinate, direct, and control organizations. These
activities include
developing policies, setting objectives, and
establishing processes
to achieve these objectives. In this context, the
term management
does not refer to people. It refers to what managers
do.
|
|
A management system is a set of
interrelated or interacting elements
that organizations use
to formulate policies
and objectives and to
establish the processes
that are needed to ensure that policies
are
followed and objectives are
achieved. These elements
include
structures, programs,
procedures, practices, plans, rules,
roles,
responsibilities, relationships, contracts,
agreements, documents,
records, methods, tools, techniques, technologies,
and resources.
There are many types of management
systems. Some of these include
quality management
systems, environmental management
systems,
financial management
systems, information security management
systems, business continuity management systems,
emergency
management systems,
disaster management
systems, food safety
management systems, risk management systems, and
occupational
health and safety management systems.
The scope or focus of a management
system could be restricted to
a specific function or section of an organization or
it could include
the entire organization. It could even include a
function that cuts
across several organizations.
|
|
Measurement is a process that is
used to determine
a value. In most cases this value will be a
quantity.
|
|
Measuring equipment
includes all the things needed to carry
out a measurement process. Accordingly, measuring
equipment
includes instruments and apparatuses as well as all
the associated
software, standards, and reference materials.
|
|
To monitor means to determine the
status of an activity, process,
or system at different stages or at different times.
In order to determine
status, you need to supervise and to continually
check and critically
observe the activity, process, or system that is
being monitored.
|
|
Nonconformity is a nonfulfillment or
failure to meet a requirement.
A requirement is a need, expectation, or obligation.
It can be stated
or implied by an organization or interested parties.
|
|
An object is any entity that is
either conceivable or
perceivable.
Objects can be real or imaginary and could be
material or immaterial.
Examples include products, services, systems,
organizations, people,
practices, procedures, processes,
plans, ideas, documents, records,
methods, tools, machines, technologies, techniques,
and resources.
|
|
An objective is a result you intend
to achieve. Objectives can be
strategic, tactical, or operational and can apply to
an organization
as a whole or to a system, process, project,
product, or service.
Objectives may also be referred to as targets, aims,
goals,
or intended outcomes.
Quality objectives are generally
based on or derived from an
organization’s quality policy and must be consistent
with it.
|
|
Objective audit evidence is
information that is verifiable and
generally consists of records and other statements
of fact
that are relevant to the audit criteria being used.
|
|
Objective evidence is data that
shows or proves that something
exists or is true. Objective evidence can
be collected by performing
observations, measurements, tests, or using other
suitable methods.
|
|
An organization can be a single
person or a group that achieves its
objectives by using its
own functions, responsibilities, authorities,
and relationships. It can be a company, corporation,
enterprise, firm,
partnership, charity, association, or institution and can be
either
incorporated or unincorporated
and be either privately
or publicly
owned. It can also be an operating unit that is part
of a larger entity.
|
|
An output is the result of a
process. Outputs can be either tangible
or intangible. The output from one process is often
the input for
another process.
ISO 9001 lists four generic output
categories: services, software,
hardware, and processed materials. Outputs often
combine several
of these categories. For example, an automobile (an
output) combines
hardware (e.g. tires), software (e.g. engine
control algorithms), and
processed materials (e.g. lubricants).
|
|
When an organization makes an arrangement with an outside
organization to perform part of a function or process, it is referred
to as outsourcing. To outsource
means to ask an external organization
to perform part of a function or process normally
done inhouse. While
an outsourced organization is beyond the scope of
your QMS, the
outsourced process or function itself falls within
your scope.
|
|
According to ISO, the term performance
refers to a measurable result.
It refers to the measurable
results that activities, processes,
products,
services, systems and organizations are able to
achieve. Whenever they
perform well it
means that acceptable results are being achieved and
whenever they perform poorly, unacceptable
results are achieved.
|
|
A performance indicator (metric) is
a characteristic that is used to
measure customer satisfaction and how well outputs
are realized.
|
|
A policy
is a general commitment,
direction, or intention
and is
formally stated by top management. A quality
policy statement should
express top management's commitment to the
implementation and
improvement of its quality management system and
should allow
managers to set quality objectives.
|
|
A process is a set of activities
that are interrelated or that interact
with one another. Processes
use resources to transform inputs
into outputs. Processes are interconnected because
the output
from one process often becomes the input for another
process.
While processes usually transform
inputs into outputs, this
is not always the case. Sometimes inputs become
outputs
without transformation.
Organizational
processes should be planned and
carried
out under controlled conditions. An effective
process is one
that realizes planned activities and achieves
planned results.
|
|
The process approach is a
management strategy. When managers
use a process approach, it means that they
manage and control the
processes that make up their organization, the
interaction between
these processes, and
the inputs and outputs that tie
these
processes together.
|
|
A process-based quality management
system uses a process approach
to manage and control how its quality
policy is implemented and how
its quality objectives are achieved. A process-based
QMS is a network
of interrelated and interconnected processes.
Each process uses
resources to transform inputs into outputs.
Since the output of one
process becomes the input of another
process, processes interact
and are interrelated by
means of
such input-output relationships. These process
interactions
create a single integrated process-based QMS.
|
|
A product
is a tangible or intangible output that is the
result of a
process that does not include activities that are
performed at the
interface between the supplier (provider) and the
customer.
Products
can be tangible or intangible. According to a
note to
this definition, there are three generic product
categories: hardware,
processed materials, and software. Many products combine several
of these categories. For example, an automobile (a
product) combines
hardware (e.g. tires), software (e.g. engine control
algorithms), and
processed materials (e.g. lubricants).
|
|
A product is safe
if it is able to perform to its designed or
intended
purpose without causing an unacceptable risk of
harm to persons
or damage to property.
|
|
A provider is a person or an
organization that supplies or provides
products or services. Providers can be
either internal or external to
the organization. Internal providers supply products
or services to
people within their own organization while external
providers
supply products or services to other organizations.
|
|
The adjective quality applies to
objects and refers to the degree to
which a set of inherent characteristics fulfills a
set of requirements.
An object is any entity that is either
conceivable or perceivable and
an inherent characteristic is a feature that exists
in an object.
The quality of an object can be
determined by comparing a set
of inherent characteristics against a set of
requirements. If those
characteristics meet all requirements, high or
excellent quality is
achieved but if those characteristics do not meet
all requirements,
a low or poor level of quality is achieved. So the
quality of an object
depends on a set of characteristics and a set of
requirements and
how well the former complies with the latter.
|
|
Quality management
includes all the activities that organizations
use to direct, control, and coordinate quality.
These activities include
formulating a quality policy and setting quality
objectives. They also
include quality planning, quality control, quality
assurance, and
quality improvement.
|
|
A quality management system (QMS)
is a set of interrelated or
interacting elements that organizations use to
formulate quality
policies and quality objectives and to establish the
processes that
are needed to ensure that policies are followed and
objectives are
achieved. These elements include structures,
programs, practices,
procedures, plans,
rules, roles, responsibilities, relationships,
contracts, agreements, documents, records, methods,
tools,
techniques, technologies, and resources.
|
|
A quality objective is a quality
result that you intend to achieve.
Quality objectives are based on or derived from an
organization’s
quality policy and must be consistent with it. They
are usually
formulated at all relevant levels within the
organization and
for all relevant functions.
The adjective quality applies to
objects and refers to the degree to
which a set of inherent characteristics fulfills a
set of requirements;
and an object is any entity that is either
conceivable or perceivable.
Therefore, a quality objective can be set
for any kind of object.
|
|
A quality policy should express top
management's commitment to the
quality management system (QMS) and should allow
managers to set
quality objectives. It should be based on ISO’s
quality management
principles and should be compatible with your
organization’s other
policies and be consistent with its vision and
mission.
ISO's quality management principles ask
you to focus on customers
and interested parties, to provide
leadership, to engage and involve
people, to use a process approach, to encourage
improvement, to use
evidence to make decisions, and to manage corporate
relationships.
|
|
A regulatory requirement is an
obligation that is specified by
an authority which gets its mandate from a
legislative body.
|
|
To release means to grant permission
to proceed to the next stage
of a process. The term release is also
used to refer to a version of
software or documented information.
|
|
A requirement is a need,
expectation, or obligation. It can be stated or
implied by an organization, its customers, or other
interested parties.
A specified requirement is one that has been stated
(in a document for
example), whereas an implied requirement is a need,
expectation, or
obligation that is common practice or customary.
There are many types of requirements. Some of
these include customer
requirements, quality
requirements, quality management requirements,
management requirements, product requirements,
service requirements,
contractual requirements, statutory requirements,
and regulatory
requirements.
|
|
A review
is an activity. Its purpose is to figure out how
well the thing
being reviewed is capable of achieving established
objectives. Reviews
ask the following question: is the subject (or
object) of the review a suitable,
adequate, effective, and efficient way of achieving
established objectives?
There are many kinds of reviews. Some of
these include management
reviews, design and development reviews, customer
requirement
reviews, nonconformity reviews, and peer reviews.
|
|
According to ISO 9000, risk is the
“effect of uncertainty on an expected
result” and an effect is a positive or negative deviation
from what is
expected. The following two paragraphs will explain
what this means.
This definition recognizes that all of us
operate in an uncertain world.
Whenever we try to achieve something, there’s always
the chance that
things will not go according to plan. Sometimes we
get positive results
and sometimes we get negative results and
occasionally we get both.
Because of this, we need to reduce uncertainty as
much as possible.
Uncertainty (or lack of certainty)
is a state or condition that involves
a deficiency of
information and leads to inadequate or incomplete
knowledge or understanding. In the context of risk management,
uncertainty exists
whenever the knowledge or understanding of
an event, consequence, or likelihood is inadequate
or incomplete.
While this definition argues that risk can be
positive as well as
negative, a note acknowledges that "the term
risk is sometimes
used when there is only the possibility of
negative consequences".
|
|
Risk-based thinking
refers to a coordinated set of activities and
methods that organizations use to manage and control the many
risks that affect its ability to achieve objectives.
Risk-based thinking
replaces what the old standard used to call preventive action.
While risk-based thinking is now an essential
part of the new
standard, it does not actually expect you to
implement a formal
risk management process nor does it expect you to
document
your organization’s risk-based approach.
|
|
A service
is an intangible output
and is the result of a process
that includes at least one activity that is carried
out at the interface
between the supplier (provider) and the customer.
Service provision can take many
forms. Service can be provided
to support an organization’s own
products (e.g. warranty service
or the serving of meals). Conversely, it can be
provided for a product
supplied by a customer (e.g. a repair
service or a delivery service).
It can also involve the provision of an intangible
thing to a customer
(e.g. entertainment, ambience, transportation, or
advice).
|
|
A special
requirement is a requirement that may be
especially
difficult to achieve. Special requirements may be
difficult to achieve
because they force you to operate at the limit of
your technical or
process capability or at the limit of your
industry’s capability.
Since there is
a risk that your organization may not be able to
meet a
special requirement, you’re expected to include it
in your operational
risk management process. Either you or your
customer may decide
that a requirement is special. In order to figure
out whether or not
a requirement is special, consider the complexity
and maturity of
your product or process and your past experience.
|
|
A statutory requirement is defined
by a legislative body and is obligatory.
|
|
A strategy is a plan for achieving
an objective.
|
|
A supplier
is a person or an organization that provides products or
services. Suppliers can be either internal
or external to an organization.
Internal suppliers provide products or
services to people within their
own organization while external
suppliers provide products or
services to other organizations.
Examples of suppliers include
organizations and people who produce,
distribute, or market products, provide services, or
publish information.
While ISO still includes a definition for this term,
the new ISO 9001 2015
standard no longer actually uses it. It prefers,
instead, to use the term
external provider.
|
|
A system
is defined as a set of interrelated or interacting elements.
A management system is one type of system.
It is a set of interrelated
or interacting elements that organizations use to
formulate policies
and objectives and to establish the processes that
are needed to
ensure that policies are followed and objectives are
achieved.
|
|
The term top management normally
refers to the people at the top
of an organization. It refers to the people who
provide resources
and delegate authority and who coordinate, direct,
and control
organizations.
However, if the scope of a management system
covers only part
of an organization, then the term top
management refers, instead,
to the people who direct and control that part of
the organization.
|
|
Traceability is the ability to
identify and trace the history, distribution,
location, and application
of products, parts, materials, and services.
A traceability system records and follows the trail
as products, parts,
materials, and services come from suppliers and are
processed and
ultimately distributed as final products and
services.
|
|
Validation is a process. It uses
objective evidence to confirm that the
requirements which define an intended use or
application have been
met. Whenever all requirements have been met, a validated
status is
established. Validation can be carried out
under realistic use
conditions or within a simulated use environment.
There are several ways to confirm that the
requirements which define
an intended use or application have been met. For
example you could
do tests, you could carry out alternative
calculations, or you could
examine documents before you issue them.
|
|
Verification is a process. It uses
objective evidence to confirm
that specified requirements have been met. Whenever
specified
requirements have been met, a verified status is
achieved.
There are many ways to verify that
requirements have been met.
For example you could inspect something, you could
do tests,
you could carry out alternative calculations, or you
could
examine documents before you issue them.
|
