ISO 9001 - 4.4 - Part 1: The Quality management system



Welcome back to this blog, in which I analyze the different requirements of the ISO 9001:2015 standard, breaking them down individually to facilitate their understanding and application.


In this entry I begin the analysis of Sub-clause 4.4 of the ISO 9001:2015 standard. This sub-clause presents a situation similar to others that make up Clause 4 of this standard, that is, many people do not fully understand it, and so they apply it poorly. There are many people who believe that this sub-clause is one of the easiest to apply of the entire standard, since it refers to the quality management system itself, with which we would be working, as well as its processes, but we cannot ignore which is undoubtedly the most complex sub-clause and I could say the most important of all those that make up this standard. I know, and I have mentioned it in previous posts, that all subclauses and all requirements are important and that there is not one that we can neglect. But this sub-clause covers the entire quality management system, as well as all the processes that comprise it, which gives it a unique breadth and relevance. That is why we should analyze and understand each one of the requirements that make up this Sub-clause 4.4 to fully comply with all of them.


That is why, due to its complexity, I will be analyzing this Sub-clause 4.4 in three parts. In this entry, the first of these parts, I am analyzing the first four requirements of this sub-clause, referring to aspects that an organization should comply with regarding the quality management system, that is, that the QMS should be established, should be implemented, it should be maintained and should be continuously improved.


In the next entry, corresponding to the second part, I am presenting a description of the approach to processes that the standard requires, as well as the description of what a process is, the elements that make it up, the line of action to establish a process, as well such as the Plan-Do-Check-Act (PDCA) Cycle that should be used to establish and document a process; and also in this entry I analyze the requirements of No. 32 to No. 37 according to the identification of requirements of this sub-clause (If you want to access the entry of this third part, please click here).


In the third part related to this topic, I am presenting you with a description of the remaining requirements corresponding to this sub-clause, which deal with the determination and application of various elements necessary for the process management. (If you want to access the entry of this third part, please click here).


To carry out this analysis, I start it the way I have started with subclauses 4.1 to 4.3 that I have analyzed in previous posts on this blog, that is, breaking down this Subclause 4.4, identifying in the best possible way, each of the requirements that derive from it, following up on their progressive numbering.



In accordance with TS ISO 9002: 2016, as a support technical specification to understand the requirements of the ISO 9001: 2015 standard, the intention of Sub-clause 4.4.- Quality management system and its processes, is to ensure that the organization determines the processes needed for its quality management system in accordance with ISO 9001. This includes not only the processes for the production and provision of services, but also the processes necessary for the effective implementation of the system, such as internal audits, management review and others (including processes performed by external providers).


However, if we read and analyze this Sub-clause 4.4, we can identify that before referring to the processes, some requirements that an organization should meet in terms of a quality management system are initially mentioned, which if we consider what the standard indicates in the Introduction Clause, specifically in Subsection 0.3.1, this standard promotes the adoption of a processes approach when developing, implementing and improving the effectiveness of a quality management system, to increase customer satisfaction through compliance with the customer's requirements. Sub-clause 4.4 includes specific requirements considered essential for the adoption of a process approach. That subsection also tells us that understanding and managing interrelated processes, as a system, contributes to the effectiveness and efficiency of the organization in achieving its intended results.


With this information we then begin the identification and analysis of the requirements of this Sub-clause 4.4, in progressive order of the ISO 9001:2015 standard, and the first derived from this Sub-clause is the next one:


Requirement No. 28: "The organization shall establish a quality management system, including the processes needed and their interactions, in accordance with the requirements of this standard."


When using this requirement, it is very common that organizations do not clearly understand what the requirement indicates, so it is not easy for them to find a way to comply with it in a specific manner, and even less to be able to demonstrate their appropriate compliance and show evidence of it. That is why repeatedly, in the verification and audit processes of these systems, many doubts are generated about whether compliance with the requirement is appropriate or not, as well as, where appropriate, how to identify and write a possible non-conformity and, even worse, how to plan, establish and verify the result of a corrective action.


From my point of view, it is important that all persons with responsibilities within a quality management system understand the concept of what a quality management system is, as well as the meaning of the term "establish" and of all relevant terms included in this standard.


Curiously, this term "establish", which is so important for the application of the standard and for this particular requirement, is not included among the terms to be defined in ISO 9000:2015 standard, nor in Annex SL of Appendix 2, but ISO 9000:2015 contains in Subsection 3.4.3, the term: "Performance of the quality management system", which is defined as follows: 'process of establishing, documenting, implementing, maintaining and continually improving a quality management system [SOURCE: ISO 10019:2005]'.


Thus, it is convenient for us to analyze the meaning of this term in accordance with a recognized dictionary, for which, consulting the Merriam-Webster Dictionary, we find the definition of this term, as a transitive verb: 

In this way, based on the meaning of this term and the original wording, we can understand, therefore, that the organization should somehow bring into existence a quality management system, in an orderly or determined manner, including the necessary processes and their interactions.


Having correctly identified this requirement, the next step is to define how an organization can meet it. For this, it should initially have the decision of senior management to establish a quality management system (QMS), and with which it also commits to provide the necessary resources for its development, documentation and operation, as well as to comply with the responsibilities within that system are assigned. It is important that this decision is documented in some way and is kept as evidence. In the same way, it is important to point out that this QMS should be in compliance with the requirements of the ISO 9001 standard in its current version, which is the one issued in 2015, so the organization should document the identification of all the requirements of this standard, as well as the way in which all those that are applicable will be fulfilled. To document all these elements, it is very useful to generate and maintain a quality management manual, or an equivalent document, in which these identifications and descriptions are specified.


One of the most important characteristics of this standard is that it was developed under a process approach, so the organization should identify and manage its relevant processes, as well as their interactions, so as to achieve the intended results in accordance with the quality policy and the strategic direction of the organization.


Requirement No. 29: "The organization shall implement a quality management system, including the necessary processes and their interactions, in accordance with the requirements of this standard."


For many people, this Requirement No. 29 is identical to the previous one, No. 28, which leads them to make mistakes when complying with it. If we look closely, these two requirements, like other subsequent ones, use the same wording, because that is how this sub-clause of the standard presents them, but they differ from each other by a word (a verb) that changes the meaning for each one of these requirements. Similar situations occur repeatedly throughout the standard and we should be careful not to get confused.


Returning to this requirement, it is easy to identify the term that differentiates it from the previous one, and to understand that “implement” is not the same as “establish. We have previously seen what the term "establish" means, but in relation to "implement" something similar happens as with the previous one, that is, it is not defined in the ISO 9000:2015 standard, neither in Annex SL of the Appendix 2. For this we have to resort, in the same way, to the use of a dictionary. If we consult again the Merriam-Webster Dictionary, we find  this definition: 



So, if we go back to requirement just presented, but substitute the term in question for its meaning, we have the following: "the organization shall carry out, or accomplish, a quality management system giving practical effect to and ensure of actual fulfillment by concrete measures, including the necessary processes and their interactions, in accordance with the requirements of this standard”.


Analyzed in this way, we can see that in order for an organization to meet this requirement, it should, once it has established its QMS, apply the appropriate measures and methods to put the entire management system into operation. For this, it will be necessary that all the processes that are part of this system are operating and are managed appropriately.


Requirement No. 30: "The organization shall maintain a quality management system, including the processes needed and their interactions, in accordance with the requirements of this standard."


As with the two previous requirements, we find an identical wording, with the exception of the term "maintain", which is also not defined in the ISO 9000:2015 standard. Unlike the cases of the previous requirements of this Subclause 4.4 of the ISO 9001:2015 standard, when consulting the Merriam-Webster Dictionary, we find a wide variety of meanings of this term “maintain”, in which there are, from my point of view, one that may apply to the concept of the aforementioned requirement, and which is the following:


Thus, if we transfer these definitions to the aforementioned requirement, its wording would reasonably be as follows: "The organization  shall keep in an existing state, preserving it from failure or decline, a quality management system, including the necessary processes and their interactions, in accordance with the requirements of this standard."

When analyzing the requirement under this wording, in order for an organization to comply with it, it should, after having established a quality management system, including the necessary processes and their interactions, in compliance with the requirements of the ISO 9001 standard, and after having implemented it, continue with the operation of said system, considering the passage of time, changes in the organization, in the standard requirements, as well as changes generated by corrections, corrective actions and improvement of the quality management system.

Requirement No. 31: "The organization shall continuously improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this standard."

This means that, once the organization has established, implemented and maintained a quality management system, in accordance with the requirements that we saw previously, in accordance with it, it should carry out activities or processes that lead it to obtain, on a continuous basis, better results of this entire system.

The ISO 9000: 2015 standard incorporates the following term in its subsection 3.3.2.- "continual improvement": "Recurring activity to enhance performance".

Note 1 to entry: The process (3.4.1) of establishing objectives (3.7.1) and finding opportunities for improvement (3.3.1) is a continual process through the use of audit findings (3.13.9) and audit conclusions (3.13.10), analysis of data (3.8.1), management (3.3.3) reviews (3.11.2) or other means and generally leads to corrective action (3.12.2) or preventive action (3.12.1).

Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original definition has been modified by adding Note 1 to entry.

With this information, we can consider that to comply with this requirement, as well as to demonstrate its compliance, the organization should apply these recurring activities to improve performance and show evidence of them, as well as demonstrate that the organization has continuously improved its performance, identifying stricter objectives, and with better results in its performance.

In the second part of this topic, we will look at the following requirements of Sub-Clause 4.4.


Ernesto Palomares Hilton



Post a Comment