ISO 9000 Standard

Archive for the ‘Quality Management System’ Category

Process Based Auditing Of Quality Management System

Any effective quality management system (including the subsystems) works as a control process, which has the ability to detect deviations and nonconforming products and assures that the corrective and preventive action measures are effective. The regulatory auditor should check that all subsystems and processes of the quality management system are structured as self-regulating control processes. For example Deming’s PDCA cycle demonstrates such a process with the following components:

i) Plan – Has the manufacturer established the objectives and processes to enable the quality system to deliver the results in accordance with the regulatory requirements?

ii) Do – Has the manufacturer implemented the quality system and the processes?

iii) Check – Has the manufacturer checked process monitoring and measurement results against the objectives and the regulatory requirements? Does the manufacturer evaluate the effectiveness of the quality system periodically through internal audits and management reviews?

iv) Act – Has the manufacturer implemented effective corrective and preventive actions? Confirm that the company is committed to providing high quality safe and effective medical devices, and that the company is conforming with applicable laws and regulations. These are generic questions that can be asked throughout the audit.

Sampling

In general there are two ways of sampling records for review which are useful in regulatory audits risk based and statistical. Where possible, auditors should select samples based on factors which are most likely to affect the safety of the patient. In this situation sampling tables are not necessary. The auditor may however decide to select a statistically valid sample. A sample can also be drawn using a combination of risk based and statistical sampling.

Audit Planning

i) Further to the requirements given in the chapter 11 of GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers – Part 1:

General Requirements (SG4/N28R2), some more consideration should be given to the following points: Information from the Manufacturer Estimation of audit duration, frequency and targeted on-site auditing time Further points to consider are given in chapter 6. Information required from the manufacturer

ii) In the planning phase, the following information should be requested from the manufacturer to estimate the audit duration and to prepare the audit plan for Regulatory Auditing of Quality Systems of Medical Device: manufacturer’s name, address contact name, telephone, fax numbers and e-mail addresses ? total number of employees (all shifts) covered by the scope of the audit ? range and class of medical devices being manufactured types of devices? sold and/or planned to be sold in the countries and/or regions for which the regulatory requirements will be assessed, including a complete list of authorizations (e.g. licenses) issued for those devices (where applicable) location and function of each site to be included in the audit a list of activities on each site the involvement of any? special manufacturing processes, e.g. software, sterilization, etc. a list of the activities performed by subcontractors and their locations, including the type of control that is exercised over those outsourced operations any existing audit results from other auditing organizations e.g. from USA, Australia, Europe, Canada, Japan. do they install or service the medical devices produced changes since the last audit, if applicable.

ii) Audit frequency The audit frequency is dependent on the factors mentioned in Appendix 3, the regulatory requirements and history of the Manufacturer.

iv) Audit duration The audit duration has a significant effect on both regulatory agencies and industry. It is dependent on factors such as the audit scope and specific regulatory requirements to be assessed, as well on the range, class and complexity of devices, and the size and complexity of the manufacturer. If not specifically mentioned, the considerations in this section are applicable to initial, and surveillance audits.

v) Relation between audit frequency and audit duration Audit duration depends on the audit frequency. In the following an annual audit frequency is the baseline as reference in IAF Guidance on the Application of ISO/IEC Guide 62. For more or less frequent audits, audit duration should be adapted accordingly. vi) Method of estimating audit duration When auditing organizations are planning regulatory audits, sufficient time should be allowed for the audit team to establish the conformity status of a medical device manufacturer’s quality system with respect to the relevant regulatory requirements. Any additional time required to assess national or regional regulatory requirements must be justified.

Quality Management System Requirements
The ISO 9001:2008 standard is meant to be generic and applicable to all kinds of organizations. Therefore, organizations from both the public and private sectors, including non-governmental organizations can benefit from the ISO 9001 quality management system model, regardless of whether they are small, medium or large organizations. The immediate benefit that can be realized from the implementation of ISO 9001 is the collective alignment of the activities of internal processes that are focused towards the enhancement of customer satisfaction which will result in many other benefits, whether internal or external. The magnitude of these benefits are determined by how effective the processes are in achieving its objectives.

General Description of ISO14001 Standards

ISO14001 Standards requires an Environmental Policy to be in existence within the organisation, fully supported by senior management, and outlining the policies of the company, not only to the staff but to the public. The policy needs to clarify compliance with Environmental Legislation that may effect the organization and stress a commitment to continuous improvement. Emphasis has been placed on policy as this provides the direction for the remainder of the Management System.

Those companies who have witnessed ISO9000 Assessments will know that the policy is frequently discussed during the assessment, many staff are asked if they understand or are aware of the policy, and any problems associated with the policy are seldom serious. The Environmental Policy is different, this provides the initial foundation and direction for the Management System and will be more stringently reviewed than a similar ISO9000 policy. The statement must be publicised in non-technical language so that it can be understood by the majority of readers. It should relate to the sites within the organisation encompassed by the Management System, it should provide an overview of the company’s activities on the site and a description of those activities. A clear picture of the company’s operations.

The preparatory review and definition of the organization’s environmental effects is not part of a ISO14001 Assessment, however examination of this data will provide an external audit with a wealth of information on the methods adopted by the company. The preparatory review itself should be comprehensive in consideration of input processes and output at the site. This review should be designed to identify all relevant environmental aspects that may arise from existence on the site. These may relate to current operations, they may relate to future, perhaps even unplanned future activities, and they will certainly relate to the activities performed on site in the past (i.e. contamination of land).

The initial or preparatory review will also include a wide-ranging consideration of the legislation which may effect the site, whether it is currently being complied with, and perhaps even whether copies of the legislation are available. Many of the environmental assessments undertaken already have highlighted that companies are often unaware of ALL of the legislation that affects them, and being unaware, are often not meeting the requirements of that legislation.

The company will declare its primary environmental objectives, those that can have most environmental impact. In order to gain most benefit these will become the primary areas of consideration within the improvement process, and the company’s environmental program. The program will be the plan to achieve specific goals or targets along the route to a specific goal and describe the means to reach those objectives such that they are real and achievable. TheEnvironmental Management System provides further detail on the environmental program. The EMS establishes procedures, work instructions and controls to ensure that implementation of the policy and achievement of the targets can become a reality. Communication is a vital factor, enabling people in the organisation to be aware of their responsibilities, aware of the objectives of the scheme, and able to contribute to its success.

As with ISO 9000 the Environmental Management System requires a planned comprehensive periodic audit of the Environmental Management System to ensure that it is effective in operation, is meeting specified goals, and the system continues to perform in accordance with relevant regulations and standards. The audits are designed to provide additional information in order to exercise effective management of the system, providing information on practices which differ to the current procedures or offer an opportunity for improvement.

In addition to audit, there is a requirement for Management Review of the system to ensure that it is suitable (for the organization and the objectives) and effective in operation. The management review is the ideal forum to make decisions on howe to improve for the future.

Save OUR EARTH!!! Go For ISO 14001 Standards – Environmental Management System. If all companies implement ISO 140001 Standards – Environmental Management System in the organization, it will help us to protect our environment.

Global Warming! What can be done? Can ISO 14001 Standards – Environmental Management System Help??

One of the front page headlines in the Monday, June 13, 2005 edition of USA Today read: The debates over: Globe is warming. The sub-title paragraph declared: Politicians, corporations and religious groups differ mainly on how to fix the problem.

While there will always be hold-outs, fewer and fewer knowledgeable people are denying that global warming is a reality resulting from an increase in the amount of greenhouse gases being generated. What remains in debate are the causes of this phenomenon. Is it man-caused, perhaps a by-product of the growing demand for energy, much of which is produced from fossil fuels? Is it a product of natural events like volcanic eruptions or the digestive processes of animals? Is deforestation part of the problem? Is it a combination? Are there other, yet undefined factors at work?

Much work needs to be done to answer these questions. Depending upon the answers, environmental scientists will then turn their focus from cause definition to mitigating the effects of global warming, and instituting corrective and preventive action. Does this sound like the same language used by those involved in quality and/or environmental management system? Of course it does! Quality and environmental professionals have been using the tools of problem prevention and corrective action for years to predict problems before they occur and to correct problems if and when they occur and institute actions to prevent recurrences.

As individuals, each of us can contribute to the solution. As a start, we can choose to drive vehicles that are more fuel-efficient. We can plant more trees. We can recycle where practicable. We can take stock of our energy consumption practices and try to reduce them by some factor.

But, what steps can your organization take to help? The answers are varied, depending upon the size of the organization and the related environmental aspects and impacts. But no matter how simple or complex the business, each can benefit from the implementation of a management system based on ISO 14001:2004. This international standard has as its focus the prevention of pollution, accomplished by a teamwork approach to identifying those aspects of the organizations processes that have the potential for harming the environment and the development of ways to reduce or prevent this harm. In the process, many organizations have found ways to reduce costs by elimination of scrap, changes to their waste disposal processes or reduced use of natural resources. It is the application of the system approach that has proven to be successful. And, once the system is in place, it is logical and beneficial to have that system certified and registered. This provides added assurance that the management system remains effective and also provides public recognition to numerous stakeholders that your organization is committed to the prevention of pollution.

The standard is based around the principles of customer satisfaction, continual improvement and the development of a process based quality management system. Although not referenced in the standard itself the 

• a customer focused organisation
• leadership
• the involvement of people
• ensuring a process approach
• a systematic approach to management
• a factual approach to decision making
• mutually beneficial supplier relations
• continuous improvement

ISO 9001:2008 has been written to ensure that its guiding principles are equally relevant to all sectors of industry and to all types of organisation. Although containing requirements to control the key processes within an organisation, it only requires six documented procedures. The standard emphasises the need for an organisation to continually monitor their own processes and systems, with many clauses making reference to self monitoring or measurement or both. This emphasis aims for an integrated approach to business processes. Instead of operating to a business plan on one hand and a quality management system on the other, the standard aims to integrate both of these functions into one system.

What is a quality management system?
ISO 9001:2008 is a standard that specifies criteria for a quality management system (QMS). A QMS incorporates those elements of an organisations management system that direct and control it with regard to quality. Such a system will need to be supported by top management who will need to be able to demonstrate management commitment.

How do you demonstrate management commitment?
Management commitment is one of the cornerstones of ISO 9001:2008, requiring top management to develop and improve the QMS throughout the organisation. This commitment can be demonstrated by a number of methods including creating a quality policy, conducting management reviews and establishing quality objectives.

What is a quality policy?
ISO 9001:2008 specifies that an organisation must have a quality policy that documents the organisations overall intentions and direction related to quality as formally expressed by top management. Such a policy will include a commitment to comply with ISO 9001:2008, to continuously improve the QMS and to set and monitor measurable quality objectives.

What are quality objectives?
The quality objectives are those targets sought or aimed for by the organisation that are related to quality. These quality objectives must be SMART (suitable, measurable, achievable, reviewed and timely). Examples of quality objectives might be; to reduce machine down time by 20% or to reduce rework costs by ?00 p/m. Whatever quality objectives are chosen they must be meaningful and adequately resourced by the organisation.

What is a management review?
A management review is a key element of how the top management of an organisation can assess its performance in terms of the objectives it sets itself, the requirements set by the standard and how its systems are operating. Normally, a management review is a regular meeting of the top management team and uses the information that the organisation? systems have derived. It is a useful forum to review and revise quality objectives.

What are internal audits and why do I need to carry them out?
Internal audit is one of the key monitoring processes required by the standard and functions as a check on the organisation? systems. It is the opportunity for an organisation to determine compliance to the systems it has established and maintained to meet the needs of its customers and identify opportunities for improvement. Internal audit can be seen as a ealth check?for an organisation.

The core of ISO 9001:2008, Product realisation
Clause 7 of ISO 9001:2008 contains the core processes that most organisations carry out. Any clause or sub-clause in section 7 can be excluded from an organisations quality management system if it can be justifiably excluded. Examples of common exclusions are clause 7.3 design and development, clause 7.5.3 traceability and clause 7.6 the control of monitoring and measuring devices. Clauses can only be excluded if their exclusion does not affect the company? ability to provide a product or service that meets customer requirements.

These core processes should be managed and controlled via the quality management system, and are evaluated for effectiveness and suitability by the internal audits with feed back into the management review.

This is a clear demonstration of one of the key principles of ISO 9001:2008, continuous improvement by critical self-evaluation. The output from the self-evaluation is fed into a planning stage to determine actions needed to improve the system. Following the planning and consultation comes the action phase where the proposed changes are implemented. Then the cycle starts again by checking that the changes are effective and meaningful by self-evaluation.

Other requirements of section 7 are;
Product planning to ascertain and then implement the necessary controls and resources to ensure product realisation.

Purchasing control to verify purchased product against comprehensive purchasing information and the selection and evaluation of suppliers.

Production and service provision to ensure that this activity is carried out in controlled conditions and that any processes that cannot be verified during production are validated to ensure capability. Where appropriate the product must be identified, and if required, traceable at all stages of production. Any customer property must be identified and protected from harm and all products must be stored and handled in such a way to preserve product conformity.

Any monitoring and measuring devices needed to provide evidence of product conformity must be identified and if necessary calibrated.

But what about the customer? 
All of the clauses in ISO 9001:2008 are in some way focused towards meeting and exceeding the customer? expectations. For example the requirement of management to determine and communicate the importance of customer requirements throughout the organisation, and the review of customer orders to ensure that they can be met. Companies are required to implement methods for effective communication with the client at all stages of the business including ascertaining customer satisfaction after the product or service has been delivered as well as resolving customer complaints.

Finally?
ISO 9001:2008 is widely acclaimed as being the pre-eminent specification for quality management systems, it requires a company to look at itself and ask the question, ‘how can we improve?’ An ISO 9001:2008 management system should be an essential part of any business process, requiring continual improvement by self-evaluation with a goal of ensuring that current and future customer expectation can be met and exceeded.

If you have any queries concerning ISO 9001:2008 please visit http://www.iso-consults.com/

ISO 9001:2008 document is underpinned by eight key quality management principles;

4.1 General requirements

The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standards. The organization

• shall determine the processes needed for the quality management system and their application throughout the organizations,
• determine the sequence and interaction of these processes,
• determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
• ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
• monitor, measure (where applicable) and analyze these processes, and
• implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of this International Standard.

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

NOTE 1: Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.

NOTE 2: An outsourced process is identified as one being needed for the organization’s quality management system, but chosen to be performed by a party external to the organization.

NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory, and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as
a) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,
b) the degree to which the control for the process is shared;
c) the capability of achieving the necessary control through the application of clause 7.4.

Clause 4.2 Documentation requirements

4.2.1 General

The quality management system documentation shall include
documented statements of a quality policy and quality objectives,

• a quality manual,
• documented procedures and records required by this International Standard,
• documents including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes

NOTE 1: Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.

NOTE 3: The documentation can be in any form or type of medium.

4.2.2 Quality Manual

The organization shall establish and maintain a quality manual that includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2), the documented procedures established for the quality management system, or reference to them, and a description of the interaction between the processes of the quality management.

4.2.3 Control of documents

Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.

A documented procedure shall be established to define the controls needed

• to approve documents for adequacy prior to issue,
• to review and update as necessary and re-approve documents,
• to ensure that the changes and the current revision status of documents are identified,
• to ensure that relevant versions of applicable documents are available at points of use,
• to ensure that documents of external origin are identified and their distribution controlled, and
• to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.

4.2.4 Control of records

Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records. Records shall remain legible, readily identifiable, and retrievable.

The ISO 9000 Management Representative is appointed by the top management of an organization. Irrespective of other responsibilities, he/she is responsible and has the authority in

• ensuring that processes needed for the quality management system are established, implemented and maintained,
• reporting to top management on the performance of the quality management system and any need for improvement, and
• ensuring the promotion of awareness of customer requirements throughout the organization.

The responsibility of the Management Representative also includes liaison with external parties on matters relating to the quality management system.

The Management Representative is usually assisted at the departmental level by Quality Representatives. This position is assumed by the respective Department Managers. The Quality Representatives are responsible for the quality processes which are applicable to their respective departments.

The Quality Representatives head their respective Quality Improvement Teams which are established for the purpose of monitoring processes and identifying opportunities for improvements. Members of the Quality Improvement Teams comprise of key personnel within the departments/process areas who are appointed by the Quality Representative to assist him/her at the process-level.

The Management Representative is also assisted by an appointed Document Controller whose responsibility is to implement the Control of Documents and Control of records procedures.

Collectively, the Management Representative, Quality Representatives and the Document Controller make up the Quality Management System Committee. This committee meets regularly to provide relevant inputs and resolutions for the quality management system. The structure of the Quality Management System Committee is as follows:

• Management Representative – Chairman
• Document Controller – Secretary
• Quality Representatives – Members

[Note: The above is just an example. If you are a small organization, a QMS Committee and Quality Improvement Teams may not be necessary]

To facilitate effecetive communications, the Quality Management System Committee and the Quality Improvement Teams, respectively, meet regularly in order to ensure that communication regarding the effectiveness of the quality management system takes place. Pertinent information regarding the quality management system is then posted by the Management Representative on the Bulletin Board for the benefit of all employees. Employees are generally encouraged to provide their inputs towards the quality management system through suggestion boxes which are located at strategic locations within the organization’s premises.

Note: Some organizations employ this method but results may vary among other organizations. The key is to continually improve on these methods/processes.

How Quality Management System is implemented?

The terms ‘establish’, ‘document’, ‘implement’, ‘maintain’ and ‘improve’ are used in the ISO 9000 Standard as though this is a sequence of activities when in reality, in order to establish a system it has to be put in place and putting a system in place requires two separate actions:
- Design the Quality Management System using a process that transforms the system requirements into specific characteristics that results in a clear definition of all the processes that meet the system requirements.
- Construct the system using a process that documents, installs, commissions and integrates the processes to deliver the required business outputs.
The way in which these phases of quality system development are related is
illustrated in the management system process model shown in Figure 4.1. This diagram has some important features. Note that the design input to the system comprises internal and external requirements. On the right side there are four improvement routes:
- Improvements in conformity during operation of the system arise through
enforcing policy and practices – doing what you say you do
- Improvements in conformity during system construction arise through
enforcing policy and design rules on the system – reworking the system to
comply with the established policies and objectives
- Improvements in efficiency during system construction arise through
finding better ways of implementing the system design – shorter, less
wasteful routines, less complexity, lower skill levels, fewer resources
- Improvements in effectiveness arise as a result of identifying different
policies and objectives – higher targets, new objectives, new requirements,
regulations, and new technologies.
As indicated above, establishing a system means designing and constructing it, which can be referred to as system development. System design is dealt with under Identifying processes. Constructing the system covers documentation, resourcing, installation, commissioning, qualification and integration.

Implementing A Quality Management System

An ISO 9000:2008 quality management system can be implemented by following the steps detailed as follows:

1. Evaluate the organization’s need/goals for implementing a QMS Need may arise from repeated customer complaints; frequent warranty returns; delayed deliveries; high inventories; frequent production hold-ups; and high level of rework or rejection of products or services.

At this stage, identify the goals which you would like to achieve through a QMS, such as customer satisfaction, increased market share, improved communications and morale in the organization, greater efficiency and profitability, etc. Another objective in implementing a QMS may be a demonstration of compliance through third party certification, which may be requested by an important client or required for enlisting as a supplier to large companies, e.g., original equipment manufacturers (OEMs).

2. Obtain information about the ISO 9000 family

The persons identified for initiating the development of an ISO 9000 QMS need tounderstand the requirements of ISO 9001:2008 as read with ISO 9000:2000 and ISO 9001:2008.

Supporting information such as quality management principles, frequently asked questions (FAQs), guidance on clause 1.2 (application) of ISO 9001:2008, guidance on documentation requirements of ISO 9001:2008 and other brochures are available free of charge on the ISO web site;

3. Appoint a consultant, if necessary

If, within the organization, you do not have adequate competence to develop a QMS, you may appoint a consultant. Before doing so, it is good to check his/her background; knowledge about the product realization processes of your organization; and experience in helping other organizations to achieve their stated goals, including certification.

Carry out a cost-benefit analysis of hiring a consultant and agree the scope of his/her work in writing. It is also possible to appoint a consultant only for the training of key staff; the latter can then carry out further training and development of the system.

4. Awareness and training

Raise awareness about QMS requirements amongst all personnel performing activities that affect quality. Plan for and provide specific training on how to develop Quality Manuals; on procedures; on QMS planning; on how to identify and implement improvement processes; and on how to audit compliance with the QMS, etc.

The Institute of Quality Assurance (IQA), the American Society for Quality (ASQ)and the International Auditor and Training Certification Association (IATCA) can provide lists of training organizations.

5. Gap analysis

Evaluate gaps between your existing quality management system and the QMS requirements of ISO 9001. Prepare how to bridge these gaps, including by planning for any additional resources required. Gap analysis may be carried out through selfassessment or by the external consultant.

6. Product realization processes

Review clause 7 of ISO 9001:2008 relating to “Product realization” to determine how the requirements apply or do not apply to your company’s QMS.

The processes covered by this clause include:

• Customer-related processes

• Design and development

• Purchasing

• Production and service provision

• Control of measuring and monitoring devices

Note that if your company is not responsible for preparing the design of your product, you can exclude the requirement for “design and development” from your QMS and explain the reasons for doing so in your Quality Manual.

7. Staffing

Decide on the responsibilities of the persons who will be involved in developing and documenting the QMS, including the appointment of a management representative who will oversee the implementation of the QMS. Establishing a project Steering Committee may also prove useful to oversee progress and provide resources wherever required.

8. Planning a time frame

Prepare a complete plan to close the gaps identified in Step 5 to develop the QMS processes. In the plan, include activities to be performed, resources required, responsibilities and an estimated completion time for each activity. Clauses 4.1 and

7.1 of ISO 9001:2008 provide information that should be used when developing the plan. The total time required for each phase (planning, documentation, implementation and evaluation) depends on the extent of the gaps in your existing QMS.

9. Draft a Quality Manual

In your Quality Manual;

• Include how the QMS applies to the products, processes, locations and departments of the organization;

• Exclude any requirement with justification for doing so as decided in step 6

above;

• Refer to or include documented procedures for QMS;

• Describe the interaction between the processes of the QMS, e.g., the interaction between product realization processes and other management, measurement and improvement processes; and

• Draft the quality policy and quality objectives for the organization.

The staff concerned in the organization should review the Quality Manual and the documented procedures so that their comments and suggestions can be taken into account before the Quality Manual and procedures are approved for issue and use.

The effective date of implementation should also be decided.

10. Carry out internal audits

During the phase of implementation of some three to six months after the documentation has been written, the trained auditors should carry out one or two internal audits covering all activities for the QMS, and concerned management should take corrective action on the audit findings without delay. Wherever required, revise the manuals, procedures and objectives. After each internal audit, the top management should review the effectiveness of the system and provide necessary resources for corrective actions and improvements.

11. Apply for certification

On satisfactory completion of Step 10, and if your company decides to obtain third party certification, you can make an application for certification to an accredited certification body. The certification audit process is explained section VII.

12. Conduct periodic evaluations

After certification, the organization should periodically conduct internal audits to review the effectiveness of the QMS and see how it can be “continually improved”. The organization should evaluate periodically if the purpose and goals (see Step 1) for which the QMS was developed are being achieved, including its continual improvement.