Writing User Documentation

Course outline

Phil Cohen wrote and presented a course in Technical Writing at the University of Technology, Sydney. If you want to use this material from the course, please contact us.

Week 4: Quality Assurance and ISO 9000

What it is

Quality assurance, in its broadest sense, is any action taken to prevent quality problems from occurring. In practice, this means devising systems for carrying out tasks which directly affect product quality.

A simple example of quality assurance is a cooking recipe. A recipe is a system for preparing a particular dish. It describes the ingredients and utensils necessary to prepare the food, the method of cooking it, how to test when it is ready, how to store it, and how to serve it. Cooking to a recipe produces better and more consistent results. And the same applies to using systems in other situations.

To implement systems for an organisation, you need to carry out three basic steps: first develop the system; second, document it (this takes the form of policies, procedures, and reference information); and third, inform, instruct, and train staff to use it.

This process is illustrated below.

Systems of various kinds are, of course, already an integral part of all organisations. But in most cases they do not thoroughly address quality as a separate and important issue. This changes when an organisation embraces and pursues quality assurance.

Quality assurance does not only apply to products. Services, and even "non-production" activities such as administration and sales, benefit from a quality assurance approach.

Quality Assurance standards

Quality Assurance Standards are published documents which describe in detail what systems should be used by a company to manage quality.

The table below lists some of the QA standards issued by various bodies.

Name of QA standard	Issuing body	Applies to:
ISO 9001: Quality Systems - Model for quality assurance etc.	International Organisation for standardization	General supplier qualification
Code of Good Manufacturing Practice (GMP)	Health Dept.	Pharmaceuticals and sterile products
Testing Laboratory Certification standard	National Assoc. of Testing Laboratories (NATA)	Qualification of testing laboratories
API Q1 Quality Program	American Petroleum Institute	Suppliers to the US petroleum industry
Mil-Q-9858	US Dept. of Defense	Suppliers to the US Defense Forces

These Standards exist because many large organisations will not buy from suppliers who cannot give them assurance that they have systems which support quality. These large organisations include Government Defense Departments, Health Departments, car manufacturers such as Ford, Toyota, and General Motors, and Aerospace companies such as Boeing and Lockheed.

Until the mid 1980's these large organisations published their own standards or codes for suppliers to follow, and their staff would audit supplier companies regularly to make sure they followed the code. It was not unusual for a supplier to be audited separately by a number of larger customers, all with their own quality system codes. In some instances suppliers hosted 30 or 40 quality system audits a year from all their major customers.

To reduce the number of audits to which individual suppliers were subjected, the International Organisation for Standards (ISO) published a series of standards in 1987 known as ISO 9000.

Most large purchasing organisations accepted this worldwide standard and ceased to issue their own codes. They also ceased carrying out their own audits and accepted the findings of independent audit companies engaged by supplier companies to check their systems against the ISO 9000 standards. This allowed supplier companies to reduce the number of audits to two or three per year.

Some of the independent audit companies operating in Australia are Lloyds Quality Assurance Services, Standards Australia QAS, Bureau Veritas, Benchmark Certification, SGS QA Services, and NATA.

The ISO 9000 series of QA standards

ISO 9000 is the name of a series of QA standards recognised by over 200 countries around the world and adopted as their national standards for QA. In Australia this series has been named the AS/NZ/ISO 9000 series to identify it more closely with the international standard.

The most important document in the ISO 9000 series is ISO 9001. This is the code against which audits are actually carried out (two other documents, ISO 9002 and ISO 9003, can also be audited against but these are 'cut down' versions of ISO 9001 for companies which do not need to comply with the entire code). All the other documents in the ISO 9000 series provide guidelines and explanations on how to apply ISO 9001.

The principal features of ISO 9001 are

it takes the basic principle of QA (the need for documented systems to support QA), and adds requirements to control system documentation to make sure it is kept up-to-date
it requires companies to carry out their own internal audits of their QA system to make sure it is working properly
it requires the QA system to be constantly monitored to ensure that it is effective, and that changes are constantly made to improve it

These requirements are illustrated in the diagram below.

In addition, ISO 9001 requires organisations to include documented systems in their QA system to cover:

all aspects of basic quality control (inspection, testing, test records, traceability, etc.)
all aspects of a product's life cycle from the time negotiations start with the customer, through the design process, purchasing of raw materials, production, storage, and final delivery

When to use it

The basic principle of QA - working out the best course of action beforehand and communicating it reliably to all those concerned - should be applied whenever a planned process is complex, has implications for other processes, or has wide or repetitious application.

Beyond this, the decision to follow the specifications in a comprehensive published QA standard rests on your organisation's answers to the following questions:

Is your organisation prepared to invest the time to follow the formal discipline required?
Does the law require your organisation's compliance with a specific standard (pharmaceutical manufacturers must comply with the Code of GMP)?
Do your customers insist on your organisation's compliance with a standard (many large companies and Government Agencies and Departments have a policy of preference for suppliers with QA Certification)?

How to use it

You can implement quality assurance in a general way by identifying the tasks, processes, or systems critical to the business and writing clear guidelines and instructions for staff. Use these guidelines and instructions for training and day-to-day reference.

For the tasks, processes and systems covered, this will reduce:

the number of errors
waste of time and materials associated with errors
the number of customer complaints
the number of problems to fix
the time spent on giving day-to-day instructions
the time needed to improve processes and systems (by establishing a stable base)

You can then take this general principle of clearly documenting tasks, processes and systems to the next level by using ISO 9000 (or another appropriate QA system code) as a model for covering all aspects of quality, and for establishing formal disciplines for controlling information accuracy, and reviewing and improving systems.

The two levels of implementation are summarised in the table below. The table also lists the additional things you can do to make your quality assurance easier to apply and even more effective.

What to do	Benefit
Document guidelines and instructions for critical tasks, processes and systems	more consistent results, savings in time and materials, easier improvement
Implement a recognised QA standard	coverage of all key quality related activities, tight control of systems, external recognition through Certification
Improve the readability of information by writing, structuring, and presenting it to professional technical writing standards	information is more easily understood and more readily accessible, greater savings in time and materials
Make information available via computer	quicker and easier access, reduced paperwork, easier to keep up-to-date and accurate, significantly easier to change and improve
Integrate with computerised work flow systems	quicker and easier access, further reductions in paperwork, direct connection with activity

Quality Assurance

ISO9000 Explained

The most important document in the ISO 9000 series is ISO 9001. This is the standard against which most audits are carried out. ISO 9002 and ISO 9003 are 'cut down' versions for companies which do not need to comply with the entire code, and the other documents in the ISO 9000 series provide guidelines and explanations on how to apply ISO 9001.

The ISO 9000 model for QA has 20 key sections designed to:

take the basic principle of QA (the need for documented systems to support quality), and add requirements to control system documentation to make sure it is kept up-to-date
require companies to carry out internal audits of the QA system to make sure it is working properly
monitor the QA system to ensure that it is effective, and that changes are made to improve it constantly.

In addition, ISO 9001 requires that organisations document systems in their QA system to cover:

all aspects of basic quality control (inspection, testing, test records, traceability, etc.)
all aspects of a product's life cycle from the time negotiations start with the customer, through the design process, purchasing of raw materials, production, storage, and final delivery.

It is important to remember that every section of the standard may not apply to an organisation. Whether a section of the standard applies depends on what the organisation does. Each organisation must put together its own ISO 9000 model based on its own circumstances.

The next few pages use the 'HCi Pyramid Model' to demonstrate how various parts of the ISO 9001 model for QA support and guide each other.

Using the 'HCi Pyramid Model' to explain ISO 9000

It is easier to understand ISO9001 and its practical requirements if we divide the standard into 5 fundamental levels of quality related activity, as illustrated below.

Level 1 - Corporate Knowledge

At the base of the ISO9001 model for QA, and supporting the rest of the QA system, is a reliable system of document and data control. There is no point in having a documented system of policies, procedures and reference information if there is no system in place to control what is documented.

Document and data control must cover written procedures, computer systems and information, library and technical data, customer and supplier files, and any other types of records or information which may affect the quality of goods and services.

In short, document and data control means having methods for controlling the currency, accuracy, and authority of all corporate knowledge which is communicated.

Document and data control is the foundation on which the rest of the QA system rests, for without document control information is unreliable, confusing and may not be utilised. Some important considerations for compliance:

What types of documents/files does the organisation have which should be controlled?
Are files and other records organised in a systematic and efficient way? Is the system documented?
Are computer records properly backed-up?

Level 2 - Customer Focus

The main focus of most business activity is satisfying the customer. The customer focus level of the ISO9001 QA model covers the quality-related issues which most directly govern customer satisfaction. These issues may arise at any time between when a customer places an order through to final delivery and after-sales servicing.

Contract Review requires systems for checking that order details are correct and deliverable. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Does the organisation know exactly what each of its customer requires for a particular order?
Is there a system in place to make sure it can fulfil the customer's order before it is accepted?
Is the customer advised about substitutions or delays?

Design Control requires a number of key aspects of the design process to be controlled to ensure customer requirements are met. Some important considerations for compliance:

Does this section of the standard apply to the organisation?
Are the customer's exact needs known?
Are required outcomes defined?
Is the design process monitored and documented?

Purchasing requires all aspects of the supply process to be controlled to make sure that inputs to the production process meet specifications. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Are the organisation's orders specific and detailed?
Have suppliers' quality systems been systematically evaluated?
Does the organisation monitor supplier performance and document problems for further action if appropriate?

Process Control requires that production systems address all the quality needs of products while they are being made or prepared. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Are quality requirements specified for each stage of the production process?
Where process parameters need to be specific, are production staff aware of the exact requirements?

Handling, storage, packaging, delivery and preservation require systems for ensuring that quality is maintained after products have been manufactured until they are in the hands of the customer. Service requires that systems exist to ensure the quality of after-sales service activities. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Is product stored in accordance with optimum product requirements? Are temperature and humidity monitored?
Is packaging adequate and are delivery methods satisfactory to ensure the product will be delivered in an acceptable state?
Is shelf-life monitored to ensure obsolete stock is not shipped?
Is there prompt and thorough response to customer complaints and feedback?
Are service activities designed to ensure customer satisfaction and optimum product performance?

All of these activities focus on the customer and are at the heart of the ISO9000 QA system. They are supported by Document Control, but to operate effectively, they must be guided by internal systems which are also set out in the standard.

Level 3 - System Support

ISO9001 requires that basic quality control activities are carried out to guide the customer focus activities of the business. These are the activities which help assure quality and customer service but which are largely unseen by the customer.

Products or services must be regularly inspected and tested at each critical stage to make sure they meet requirements. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Is there proper inspection of the condition of goods during and after production and during storage?
Are inspection and test criteria defined, and are these appropriate to the circumstances?
Is product performance measured and tested by defined means?

Records of tests must be kept to verify results and analyse trends. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Are records adequately maintained?
Are results of tests monitored and evaluated regularly, and appropriate steps taken where further action is indicated?

Systems must be in place to identify and trace products back to their components so that these can be changed to prevent problems recurring. You must also be able to trace faulty products to customers so that they can be recalled and fixed if a problem is found.

To prevent recurrences of problems, you should also be able to trace back to faulty processes and faulty test equipment. Some important considerations for compliance:

To what extent does this section of the standard apply to the organisation?
Are batch and serial number records properly maintained during production and sale?
Are test equipment records comprehensive and matched to the product being tested?
Test equipment must be correctly calibrated and records kept to prove this.

All equipment which could affect product or service quality should be properly maintained. Some important considerations for compliance:

Does this section of the standard apply to the organisation?
Is all equipment calibrated to a National standard, where appropriate? Is calibration done as frequently as required?
Is maintenance of equipment done properly and are records of maintenance and service kept?

Systematic statistical analysis of quality-related issues should occur where appropriate. Some important considerations for compliance:

Does this section of the standard apply to the organisation?
Are product and service performance monitored by using statistics where appropriate?
Are trends evaluated? Are appropriate benchmarks set for product and service?

All of these internal systems are largely unseen by the customer but operate to ensure a systematic approach to quality in the organisation.

Level 4 - Good Management

Overseeing customer focus and system support issues is the practical input that management makes to quality assurance. ISO9001 specifically sets out the requirements of this input.

Management responsibility requires management to guide and direct systems analysis and development, review the overall effectiveness of the documented policies and procedures and take ultimate responsibility for the quality system. Senior management must regularly analyse quality problem trends and make changes to the system to make them work effectively. All planning must take account of quality issues and plan in accordance with quality requirements.

Training needs must be met through management providing reliable reference information to staff and making sure that they are trained to carry out quality-related tasks.

Internal quality audits or process reviews must be carried out to make sure that the systems are actually being applied and are working. There is no point in having documented policies and procedures if they are not being applied. Internal process reviews can also drive the system's improvement process.

The requirement for process reviews also means keeping proof that specifications are being met, instructions are followed, and that processes are working effectively. Some important considerations for compliance:

Is there a systematic way to review the ways things are done against the requirements of written procedures or other specifications?
Is there a regular review of established procedure?

Part of good management is the need for ensuring that the system can change itself to work better.

Controlling non-conforming product and corrective/preventive action requirements are aimed at making sure that any quality problems are handled when they occur. Organisations must systematically identify quality problems, fix them and investigate their root cause. For persistent quality problems, changes must be made to systems to prevent them from recurring. Some important considerations for compliance:

What happens when it is found that a product or service does not work?
Is performance monitored and are corrective steps taken when necessary? Are these steps documented?
Is all corrective action reactive, are problems prevented before they escalate?

Level 5 - Guiding Values

Apart from the practical input that management must make to QA, the most senior level of management in the company has a fundamental decision to make and to uphold. It must make the commitment to quality, and set out a policy which demonstrates this commitment.

The quality policy guides and directs all other activities of the quality system, and is the overall guiding value of the quality-minded company.

Conclusion

The ISO 9000 model for QA is something like a jigsaw puzzle. An organisation has to decide for itself how the standard applies to its operations, and determine how to implement the requirements of the standard.

No matter what parts of the standard apply to a particular organisation, the aim of ISO 9000 is clear and it is always the same - to ensure that systems are in place to assure the quality of goods and services. If this straightforward goal is remembered, understanding and applying ISO 9000 becomes easier, because the purpose of the standard and its context will clearly determine its application in any given case.