QMS Guidance Pt. 4 – ISO 9001 Clause 7 – Support
So what does a clause called ‘Support’ really mean then?
The answer is that this clause is really about resources and what ISO expects you to do and provide as a minimum to support your QMS.
This first sub-clause is divided up into 6 parts and sets out what ISO expect you to provide when the organisation is able to do so, but not immediately on demand so to speak. So from an auditing point of view what I’m saying is that it would be really easy to use it to demand of the SMT equipment and resources but that’s not what the clause is asking you to do. Its asking that you should as an organisation actually figure out what you need and then get what you need, and nothing more.
- 7.1.1 – General – go and find out what you need bearing in mind what you already have and any constraints on the organisation, or another way of saying this is do a Gap Analysis
- 7.1.2 – People – enough and adequately qualified to operate the QMS
- 7.1.3 – Infrastructure – the necessary equipment, plant and facilities and maintain it all to meet the needs of the QMS
- 7.1.4 – Environment – management of the overall environment, both built and cultural so that the QMS can deliver whats intended (you probably cant do so much about the built environment but you can sure do something about the culture)
- 7.1.5 – Monitoring and Measuring Resources – this is equipment to test characteristics that are suitable, maintained and calibrated
- 7.1.6 – Organisational Knowledge – keep learnt knowledge within the organisation, especially what people who may leave (which the will from time-to-time) have, but for best practice this should apply to anyone, so nobody becomes a ‘single point of failure’
Its important to point out that 7.1.5 – Monitoring and Measuring Resources is the only part of this clause that requires you to document what you have, its fitness for the purpose for which it will be used and keep verification or calibration documents.
The final part, 7.1.6 Organisational Knowledge is going to be quite the challenge to audit BUT from an organisational risk management perspective is probably a biggy. Organisations really should make some effort to keep knowledge often built-up over a long period of time in the organisation. You really don’t want an organisation to suffer or even go under because a senior executive left or retired and nobody bothered to record the organisational critical knowledge they had, now do you?
Again from my perspective another mis-named clause. This one’s called ‘Competence’ but really is about training and training records.
The standard is asking you to decide what are the minimum levels of educational achievement, training and experience for each job and then to ensure your people meet these competence levels. The standard requires that you keep documented information as evidence of competence (this may take the form of training records, mentoring records, information about reassignment of duties, hiring or contracting arrangements and so on)
This ‘Awareness’ clause fits very closely with 7.2 and possibly could have been included with 7.2. Basically the standard requires you to ensure your people are aware of the key concepts; the Quality Policy, Quality Objectives as may apply to them, how they contribute to the QMS and any implications of not meeting required operational standards.
There isn’t a requirement to document so from an auditing perspective this is one where you’re going to be asking open-ended questions to see if those charged with operating the QMS are aware of their role and impact their role has. So although a short clause this one has real banana skin potential if your staff just aren’t aware how their role fits in the QMS.
This clause deals specifically with internal communications. The standard is silent on requirements here so I suggest you have an ‘open-door’ policy and ensure communications flows in all directions. What the standard does do though is tell you to include the ‘what, when, how, who shall and to who‘, which to be honest should really be expected to be included. So by keeping things loose but ensuring that communications happen then from an auditing point of view you have it covered. But if you’re in a regulated environment then communication lines will almost always be more formally set.
This clause sets out the rules for the control of documents, its complicated for sure but is really important to get right. The clause talks of ‘documented information’ required by the standard, which as you read through the standard it tells you when and what ‘documented information’ is necessary for effectiveness of the QMS, which could run to quite a list depending on the context of the organisation and how regulated the industry the organisation operate in is.
In short then;
- Documents must be reviewed and approved before release
- Documents must be controlled and protected
- People must know where to find the most up-to-date documents
- Documents can’t be altered without prior approval
- Records must be captured and filed for safe keeping
- Records must have defined retention times
- Records must have defined preservation methods (so for electronic records this might include a back-up procedure)
Take-Away # 1 – you will have developed clear and defined requirements for each position – minimum education, training and experience – meaning you can hire the right people for jobs and you know what training and development needs you’ll have when you want to reassign a person
Take-Away # 2 – you’ll have a good understanding of what resources you’ll need and how to maintain them
Take-Away # 3 – any test or measurement equipment will be trustworthy and you’ll be in a position to demonstrate this to those that need to know
Take-Away # 4 – you’ll know from the top down what role each person plays, everyone will be fully trained and competent, understanding the part they play and what to do when things go wrong (such as equipment-down, or not enough people to do the job)
Take-Away # 5 – everyone will know what the lines of communication are and on what to communicate and who to and when (I can’t tell you how often I find an issue and right at the very heart of it is a lack of communication. Not because people choose not to communicate but because they don’t know who to, or when, or how.)
Take-Away # 6 – you’ll have a firm grasp of all of your documents, especially procedures, so that only the most up-to-date documents are used. This will take the ‘guess work’ out of things for those with operational duties, reduce inconsistency and reduce the cost of quality overall. But don’t be tempted to overcook any system you choose to implement, keep it simple.
Take-Away # 7 – you’ll end up with a system for capturing information, keeping it, making it safe and then archiving or destroying it when no longer needed.
Take-Away # 8 – a well thought through system will have a method for capturing organisation critical information for sharing with anyone as needs access to it, the key word here is critical so this is one well worth the effort for now and the future.
Philip Dawson MBA | Lead Auditor | ISO 9001 | ISO 14001 | ISO 45001 | ISO 27001 | Lean 6-Sigma Practitioner
Enjoyed the post or found it informative: