Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
8.2 <strong>ISO</strong> <strong>9001</strong>:<strong>2000</strong> registration <strong>process</strong> 257<br />
• Were design <strong>and</strong> development activities planned<br />
• Were design objectives specified<br />
• Was a life cycle with predetermined stages identified<br />
• Was the design reviewed, verified, <strong>and</strong> validated<br />
• Who was responsible for reviewing design <strong>and</strong> development<br />
In addition, the auditor will verify that the organization has implemented<br />
the QMS direction for review of design inputs, their relationships to the<br />
requirements, outputs, <strong>and</strong> their adequacy for performing subsequent <strong>process</strong>es<br />
such as production, coding, or purchasing. The auditor will verify<br />
that design changes were documented <strong>and</strong> were implemented only when<br />
approved.<br />
Throughout the audit, the auditor verifies that measurement <strong>and</strong> monitoring<br />
activities were performed <strong>and</strong> that data were collected <strong>and</strong> analyzed.<br />
In each instance of the <strong>process</strong> audit, the auditor will determine the<br />
effectiveness of those <strong>process</strong>es in practice. Because the audit trails are interactive,<br />
the auditor will be able to make sure that the <strong>process</strong>es implemented<br />
in an organization indeed form an interconnected system.<br />
At the conclusion of the assessment, the assessor presents the identified<br />
noncompliances (classified as major or minor) to the client <strong>and</strong> makes the<br />
recommendation for certification or rejection. Shortly after the assessment,<br />
a written report is created <strong>and</strong> delivered to the organization’s management<br />
<strong>and</strong> to the Committee on <strong>ISO</strong> Registration, which reviews the report <strong>and</strong><br />
decides if certification will be granted. Any major noncompliance will require<br />
corrective action <strong>and</strong> may require a corrective action assessment to be conducted<br />
before certification is granted. The corrective action usually must be<br />
implemented within 90 days.<br />
After registration, surveillance audits are conducted on a yearly basis to<br />
review compliance with selected elements of the st<strong>and</strong>ard. After 3 years, a<br />
reassessment must be conducted to maintain registration. The reassessment<br />
reviews all applicable <strong>ISO</strong> <strong>9001</strong> elements.<br />
If the organization’s QMS changes significantly, <strong>and</strong> those changes affect<br />
<strong>ISO</strong> compliance, the organization should inform the registrar. The registrar<br />
may then decide to perform a special assessment to address those changes,<br />
perform a new assessment, or take no action. Similarly, if the organization<br />
increases or decreases the scope of the registration, reassessment may be<br />
required or the changes in scope may be addressed in the next surveillance<br />
assessment.