Frequently Asked Questions

As ISO 13485 is developed based on ISO 9001, it is quite similar. A fundamental difference, however, is that ISO 9001 requires the organisation to demonstrate continuous improvement, whereas ISO 13485 requires only that they demonstrate that the quality system is implemented and maintained. Other differences are requirements that are specific to the medical devices industry such as making management responsible for the promotion and awareness of regulatory requirements, controls to ensure product safety, specific requirements for inspection and traceability for implantable devices and specific requirements for documentation and validation of processes for sterile medical devices.

Compliance with ISO 13485 is often seen as the first step in achieving compliance with European regulatory requirements. The conformity of Medical Devices and In-vitro Diagnostic Medical Device according to EEC-decrees 93/42/EEC, 90/385/EEC and 98/79/EEC must be assessed before sale is permitted. The preferred method to prove conformity is the certification of the Quality Management System according ISO 9001 and/or ISO 13485, ISO 13488, or ISO 14971 by a Conformity Assessment Body (CAB). The result of a positive assessment is the authorisation for the CE-identification and the permission to sell the high quality medical device in the European Union.

As ISO 13485 is developed based on the ISO 9001:2000 model, it is also compatible with the Environmental and Occupational Health and Safety Management System standards of ISO 14001 and OHSAS 18001 that were similarly based on ISO 9001.

ISO 22000 requires that all hazards that may be reasonably expected to occur in the food chain, including hazards that may be associated with the type of process and facilities used, be identified and assessed. Hazard analysis helps in establishing the hazards that need to be controlled and those that need not. Subsequently, the organisation is able to determine an effective combination of control measures and come up with the prerequisite programmes and the HACCP plan.

ISO 22000 has greater requirements pertaining to food safety. For instance, that the Food Safety Management System (FSMS) must conform to appropriate statutory and regulatory requirements, that food safety be supported by the business objectives, procedures such as emergency preparedness, product recall and withdrawal, and that analysis for food safety hazards be conducted as part of the process for planning the safe realisation of food production.

HACCP plays a large role in ISO 22000. So, if your company already has HACCP in place, you are one step closer to ISO 22000. ISO 22000 strengthens the HACCP system in several ways. It is a management system standard and as such, has requirements for policy, planning, implementation and operation, performance assessment, management review and improvement. ISO 22000 is also compatible with other ISO management system standards such as ISO 9001.

Poor quality food is not only a health hazard, but is damaging to the reputation of the supplier and impacts upon the bottomline.

Yes. It is more expensive to find and fix mistakes after they have been made, than to prevent them in the first place. As mentioned, GMP is designed to ensure that mistakes do not occur. Implementation of GMP provides the assurance of good quality and safe food and is an investment in improving the credibility and standing of the manufacturer in the eyes of the market and the community.

For one, regulatory requirements are critical functions within the industry. The requirements within AS 9100 are complementary to contractual and applicable law and regulations. The requirements of customers, regulatory agencies (such as the FAA and the JAA) and local, state and national laws are also referenced within the system's documentation.

Another is the AS 9100 standard provides guidance for managing variation when a "key characteristic" is identified. Features of a material, process or part in which the variation has a significant influence on product fit, performance, service life or manufacturability are key characteristics and the organisation has to establish and document a configuration management process.

Given the complexity of aerospace products and customers' expectations for reliable performance during a protracted period of time, AS 9100 includes extensive supplementation in design-and-development functions. Design outputs are supplemented to provide identification of key characteristics, and the data essential for the product that will be identified, manufactured, inspected, used and maintained is detailed.

The AS 9100 QMS family comprise the following three standards:

AS 9100 - Quality Management Systems - Aerospace
The AS-9100 is a Quality Management System (QMS) standard defined specifically by and for the aerospace industry. Published in the late 1999, it was developed by the ISO Aerospace Technical Committee 20 in conjunction with the American Aerospace Quality Group (AAQG), the European Association of Aerospace Industries (AECMA) and other similar international bodies from Brazil, China, Japan, and Mexico. 

AS 9110 - Quality Maintenance Systems - Aerospace
Requirements for Maintenance Organisations. AS9110 focuses on the maintenance, repair and overhaul aspects of the aerospace business. Aircraft are designed to perform for 50 years or longer, but properly maintaining them is essential for the product's total life cycle and continued safe operation. AS9110 is used to complement the expanded use of ISO 9001 by major aerospace repair stations worldwide.

AS 9120 - Quality Management Systems - Aerospace 
Requirements for Stockist Distributors. AS 9120 focuses on organisations that deal directly with OEMs and accumulate aerospace materials and products for resale. These distributors or stockists while providing a useful service, can affect product performance if they fail to handle parts and materials correctly or lose a part's chain of custody from the OEM to the customer.

AS 9120 complements AS9100 and may be used by OEMs or others in the aerospace supply chain. This standard applies to "pass through" distributors (i.e., businesses that accumulate and distribute parts and materials rather than add value or work on the products themselves). Value-added distributors are subject to the appropriate requirements of AS 9100.

AS 9100 certification can be used throughout the entire aerospace supply chain including the design and manufacture of airport and airline operations, replacement parts, supply and maintenance, cargo handling, overhaul and repair depots and flight operations.  If you provide the above mentioned services, it applies to your organisation.

Apart from the fact that major aircraft engine manufacturers, such as General Electric's Aircraft Engine division (GEAE), Boeing, Rolls-Royce Allison and Pratt & Whitney, are requiring their suppliers to be certified to AS 9100, Certification to the AS 9100 standard provides:
• Qualification to be considered as an aerospace supplier
• Public recognition
• Internal validation
• Independent feedback to foster continual improvement

TL 9000 is based on ISO 9001, so an organisation that is already certified to this quality management system standard has fulfilled part of the requirements. An added element in TL 9000 is a focus on performance measurements for the telecommunications industry. QuEST Forum has published two handbooks to guide the implementation of the TL 9000 quality management system. They are the TL 9000 Requirements Handbook and the TL 9000 Measurements Handbook.

The TL 9000 Requirements Handbook contains all of ISO 9001 plusadditional requirements specifically addressing the needs of quality management system in telecommunication organisation.

The TL 9000 Measurements Handbook is a comprehensive guide to measurements processing, usage, responsibilities and requirements. It identifies performance measurements in the key areas of hardware, software, common, outage and service quality.

Yes it is. In fact, the ISO/PAS 28000 standard integrates the ISO 9001 quality management system’s process-based approach, its Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement, with the risk management concept of ISO 14001.

ISO/PAS 28000 requires the user organisation to establish, document, implement, maintain and continually improve on its security management system, to identify security risks and control and mitigate their consequences.

ISO/TS 16949 is an ISO Technical Specification which aligns existing American, German, French and Italian automotive quality system standards within the global automotive industry. ISO/TS 16949 specifies the quality system requirements for design/ development, production, installation and servicing of automotive-related products.

The ISO/TS 16949 document was developed by the International Automotive Task Force (IATF) and the Japan Automobile Manufacturers Association(JAMA), with the support of the ISO technical committee, ISO/TC 176. The IATF committee consists of an international group of vehicle manufacturers: the BMW Group, DaimlerChrysler, Fiat Auto, Ford Motor Company, General Motors Corporation, PSA Peugeot-Citroen, Renault SA and Volkswagen, plus national trade associations, AIAG (America), VDA (Germany), SMMT (UK), ANFIA (Italy) and FIEV (France). The Japanese Automobile Manufacturers Association (JAMA) is a Tokyo-based trade association representing 13 Japanese car, truck, bus and motorcycle manufacturers.

The ISO/TS 16949 Automotive Sector requirements defines international automotive quality system requirements and is written in consistent with the ISO 9001 standard. Additional customer specific requirements are required by individual subscribing vehicle manufacturers and are provided separately.

ISO/TS 16949 will not be accredited by UKAS or any national accreditation body. Witness audits of office activities and field assessments will be performed by IATF, to verify a certification body’s competence and compliance to requirements. The UKAS symbol will not be displayed on any ISO/TS 16949 certificates; instead the IATF logo will be displayed.

For latest information on accreditation by IATF, consult the customer service department of the certification bodies.

Lean  is a way of working  which utilises minimum resources to achieve more output. In other words, to do more with less. How it this possible ? Through the relentless elimination of wastes that can be found in all types business processes. Customer satisfaction are not compromised as a result of a lean initiatives but,  greatly enhanced in terms of higher Quality, lower Costs, and shorter Delivery lead time.

Organizations are facing tough competition and environment where products, services and technology are so easily replicable. Organizations need to improve and distinguish themselves by being able to provide products/services faster, better and at lower cost. Lean provide the method on how to make improvement quickly and  consistently to achieve better profitability and growth.

Yes. Non-manufacturing organisations (such as Lockheed Martin) are also implementing Lean.  The Lean management principles and approach are relevant both to manufacturing and non-manufacturing organizations. What are different for non-manufacturing organisations are the tools that are used for analyzing and improving processes. Data analysis tools are generally more suitable for manufacturing processes whereas process mapping and analysis tools are more suitable for non-manufacturing processes.

“Value” is seen from the customer’s point of view. A feature or characteristics of a product is of value if the customer wants it and is willing to pay for it.  In Lean Manufacturing, the organisation eliminates, as much as possible, the activities that do not contribute to “value” from the customer’s point of view.
 

Lean Manufacturing concepts are equally applicable to Services. There are activities in Service organisations that are ‘wastes’ and considered ‘non-value’ by the customers. Implementation of Lean Concepts result in: 
• Lower operational cost
• Less queuing time
• Shorter service cycle time
• Less redundant paper work
• Less errors
• More effective dissemination
• Greater capability using existing resources
• Happier customers
 

Lean is about implementing a lean principles and tools to improve processes. They are many elements in Lean improvement management system and statistical method is a minor part of the elements. Statistical method is necessary to translate raw data into information for making decision about the process. Not all Lean improvement projects require the application of complex statistical methods. 
 

1.The previous version of ISO 9000 did not emphasise improvement. The new version emphasizes the
    improvement aspect. ISO 9000 tells you "What You Need To Do" while  "Lean teaches you How To Do
    It". 

2. ISO 9000 comes with the need to get certification at the organisation level.

In Lean, it is not a practice at the present moment to certify organisations.

You can conduct a one-day Lean Awareness for the management team for them to obtain a clear picture of what is Lean and how Lean can help an organisation to achieve excellence. This will help them to make an informed decision. Next, you can get a consultant to conduct an assessment on your organisation and give you an independent feedback on the potential areas for reducing Waste and Cost. This may also help to the organisation to evaluate the costs and benefits of implementing Lean.

The entire Lean Programme typically takes about 3 to 12 months depending on the requirements and the size of each company. Generally, the company will see return on their investment when the first wave of projects are completed (around 6-9 months).

We would recommend you to start the Lean Awareness and the initial assessment to educate the management and to provide a more accurate proposal. The objective is to ascertain the training requirements so that we can customise the training programme and to determine the extent of consultancy support required. This will have an impact on the investment required as training takes up a major portion of it.

I will summarise them in five key words that is Cheaper, Faster and Better leading to Improved Profitability and Organisational Excellence. 
• Lower operational cost
• Less Inventory
• Shorter lead times
• Less rejects and rework
• More effective utilisation of resources
• Greater capacity using existing resources

Six Sigma is a management approach focusing on making improvement effectively in an organisation to meet customer requirements. Six Sigma is about asking tougher and tougher questions until we receive quantifiable answers that change behavior.

[Note: Six Sigma is a management tool for the management to manage the improvement aspect. It is not just a problem-solving tool for engineers or officers]. As a statistical term, Sigma is a Greek alphabet that describes variation from the average. 
   
 

Organisations are facing stiff competition and a situation where your products, services and technology are so easily replicable. Organisations need to improve and differentiate yourself by able to provide your products/services faster, better and at lower cost. Six Sigma provide the method on how to make improvement effectively to achieve better profitability and growth.

Yes. Non-manufacturing organisations (such as Federal Express, Citibank) are also implementing Six Sigma.  The Six Sigma management principles and approach are relevant both to manufacturing and non-manufacturing organisations. What are different for non-manufacturing organisations are the tools that are used for analysing and improving processes.

Yes. Non-manufacturing organisations (such as Federal Express, Citibank) are also implementing Six Sigma.  The Six Sigma management principles and approach are relevant both to manufacturing and non-manufacturing organisations. What are different for non-manufacturing organisations are the tools that are used for analysing and improving processes.

Six Sigma can be summarised into 5 key words; Cheaper, Faster and Better leading to Improved Profitability and Organisational Excellence. Immediate benefits include:
• Improve product and service quality performance
• Reduce cycle time (ie time when order is in to time when order is met by company)
• Identifies and eliminate cost that has no value to customers
• Improve customer satisfaction
• Focuses on defect prevention (reduce waste)
• Increase efficiency, effectiveness
 

Even though both Black Belt (BB) and Green Belt (GB) are trained in the DMAIC approach and the Six Sigma tools and techniques to improve products/services and processes, BB is different due to the following:
• Trained on a wider array and more advanced set of tools and techniques.
• Able to work with and advice management on the identification and subsequent implementation of
  improvement projects.
• Mentor to Green Belt.
• Develop skills that will enable them not only to improve existing processes but also to design new 
  products/services to Six Sigma quality levels.
 

Six Sigma is a methodology for improving processes. Because almost everything in business consists of processes, Six Sigma can be applied in almost all areas. It links with other programs, enhancing and building upon work already carried out. Six Sigma methodology has been proven to succeed in almost all business environments.

Six Sigma brings a structure to how we do things: Firstly, identification of the business strategy and what the key elements for success are. This is followed by identification of the gaps that will prevent this success. Projects are chosen to close these gaps. Through rigorous methodology, data collection and analysis, real root causes are identified affecting process performance. Improvements to these root causes are implemented. Finally, robust controls are put in place to ensure improvements are sustained.

You can conduct a one-day Top Executive Briefing for the management team for them to obtain a clear picture of what is Six Sigma and how Six Sigma can help an organisation to achieve excellence. This will help them to make an informed decision. Next, you can get a consultant to conduct an assessment on your organisation and give you an independent feedback on the potential areas for reducing Cost Of Poor Quality. This may also help to the organisation to evaluate the costs and benefits of implementing Six Sigma.

The entire Six Sigma Programme typically takes about 9 to 12 months depending on the requirements and the size of each company. Generally, the company will see return on their investment when the first wave of projects are completed (around 6-9 months).

We would recommend you to start the Top Executive Awareness and the initial assessment to educate the management and to provide a more accurate proposal. The objective is to ascertain the training requirements so that we can customise the training programme and to determine the extent of consultancy support required. This will have an impact on the investment required as training takes up a major portion of it.

DFSS is a specific approach to design and develop new products. In the industry, product design and development is often called New Product Introduction (NPI) process. Many companies have recognised the benefits of this approach and are incorporating DFSS concepts and tools into their new product introduction process. They include General Electric, Samsung, Philips, Siemens, and Seagate.

NO. This standard only describes, “What the organisation needs to do” but not “How to comply”. Thus, the organisation always has the flexibility to determine the complexity and amount of documentation in its QMS.

In selecting a certification body, it is important to consider if the certification body is accredited to provide certification services in your area of activity.  On top of that, it may be important to find out from your customers as to the preferred certification body that they would want your organisation to appoint.

YES. This standard can be integrated with other systems such as ISO 14001, OHSAS 18001, ISO/TS 16949, ISO/IEC 17025, ISO 22000, HACCP, ISO 13485, and many others.

The number of employees is not a requirement to implement ISO 9001. One may be a 5-man organisation or a 5,000 strong organisation. Size does not matter.

Implementing ISO 9001 provides uncountable benefits - both tangible and intangible. This standard provides a systematic approach for an organisation to control all its processes. By adopting this systematic approach, the organisation may be able to increase its market share, reduce second party audits, and have better control on quality.

Due to the critical needs of the international oil and gas industry, this sector requires rigorous conformity to engineering, user and regulatory requirements.  The industry handles fluids (liquids and gases), often at high pressures, through a variety of products and processes.  Considerations for the safety of personnel, including the public, are of paramount importance.

Improved environmental awareness brings a world-wide focus to the environment, encouraging a cleaner, safer and healthier world. Facts have shown that companies need an environmental management certification to compete in the global marketplace. In addition, ISO 14001 provides a framework for continual environmental performance and this helps in ensuring compliance to regulatory requirements as well as to reduce business risks.

An EMS can help you to comply with regulations more consistently and effectively. It can help you to identify and capitalise on environmental opportunities that go beyond compliance.

An EMS will not result in a more or less stringent legal compliance obligation. But an EMS should improve your efforts to comply with legal obligations, and in some cases, lead to a more flexible compliance requirements.

YES. This standard can be integrated with other systems such as ISO 9001, OHSAS 18001 and many others.

OHSAS 18001 certification proves that your management system has been measured against a best practice standard and found compliant. Issued by a third party accreditation body/registrar, the certificate lets employees and other stakeholders know that you proactively protect the health and safety of your work force.

NO. It is not an international standard. The OHSAS 18000 series was developed by a group of national bodies, certification bodies and specialist consultancy firms rather than the International Organisation for Standardisation (ISO). Published by the British Standards Institution, United Kingdom, ownership and copyright of this specification is still retained by them.

In general, all industries need to have an OH&S Management System. It applies to any organisation that wishes to eliminate or minimise its OH&S risks, assure itself of its stated OH&S Policy and comply to applicable OH&S Laws.

Both OHSAS 18001 and the Malaysian Standard, MS 1722 Part I are specifications for OHSMS that can be used for certification. Organisations can opt to be certified to either one or both. MS 1722 Part I has additional stipulated requirements compared to OHSAS 18001; namely in operational control.

On the other hand, ILO-OSH 2001 by the International Labor Organisation – Occupational Safety & Health and Part II of the Malaysian Standard, MS 1722 are Occupational Safety and Health Management System guidelines for the implementation of OHSMS and are compatible with the OHSAS 18002 guidelines. These guidelines cannot be used for certification.

NO. Being certified does not in itself confer immunity from legal obligations. However, as a management system, OHSAS 18001 provides a useful framework for the organisation to address applicable legislative requirements. The concept of compliance to legal requirements and continual improvement are minimum requirements of OHSAS 18001.

YES. The standard has been developed to be compatible with the ISO 9001 QMS and ISO 14001 EMS. It is recommended that the three systems be integrated into a single one for better business management and performance.
 

Laboratories that test products and samples as well as those that calibrate precision instruments may use this standard.

This standard is not an industry-specific standard per se though most who implement it tend to be organisations in the business of testing and calibration. A laboratory at a manufacturing concern or a laboratory at a hospital that find it useful to assure others of its technical competence may also use it.

ISO/IEC 17025 is divided into two principal parts, i.e. Management requirements and Technical requirements. The management requirements are similar to the ISO 9001 Quality Management System. Hence, an organisation with prior ISO 9001 certification would fulfil this component and would only need to put in a bit more work on demonstrating that it is technically competent and able to generate valid results.

This standard is not an industry-specific standard per se though most who implement it tend to be organisations in the business of information security or managing information. An IT or an Information Security (IS) Department in a manufacturing facility or a bank may find it useful as well to assure others that it has a system in placed for information security.

Information security is not just IT security. Information may exist in many other forms - written, printed, verbalised or in images. The underlying principle of this standard is that information in any form, whichever means it is stored, shared or used, must always be appropriately protected.

The ISMS assists organisations to carry out the day-to-day management of information in a systematic way and to improve on the protection of this very crucial resource in all organisations ie information.
 

An organisation can choose to integrate any combination of management systems. The common ones include: ISO 9001, ISO 14001, OHSAS 18001, HACCP, ISO/TS 16949, ISO 22000, ISO 13485, ISO/IEC 17025, TL 9000, AS 9100, ISO/PAS 28000, ISO/IEC 27001 and ISO 20000.

An organisation can integrate the following processes commonly found in management systems: Document Control, Records Control, Internal Audit, Management Review, Training and the Corrective and Preventive Actions. In so doing, the organisation can combine some of the documentation, reduce the amount of documentation and simplify its document management.

Any certification body, which has auditors from multi-disciplines and experience in the various management systems, will be able to perform the integrated audit upon a client’s request.

Amongst the areas covered by SA 8000 are: child labour, forced labour, health and safety, freedom of association and collective bargaining, discrimination, disciplinary practices, working hours, compensation and management systems and workers’ rights.

SA 8000 embraces existing international agreements, including International Labour Organisation (ILO) conventions, the Universal Declaration on Human Rights, and the UN Convention on the Rights of the Child. SA 8000, is a way for retailers, customers, suppliers and other organisations to maintain a just and decent work condition throughout the supply chain.