[This series of articles tries to emphasize the benefits of ISO 9001, and how to yield results from each major clause of the standard.]
Clause 7 of ISO 9001:2015 is called “Support” although primarily deals with resources. The intent here is to define the minimum things ISO feels you will need in order to support any functioning QMS.
It’s a long clause, so let’s dive right in.
The first sub-clause is called, simply “Resources,” and then includes six separate sub-sub-clauses defining requirements for:
- 7.1.1: Overall provision of resources – it expects the company will provide the necessary resources as they are needed, otherwise this just becomes a wish list, and not a practical part of the QMS.
- 7.1.2: Resources specific to staffing – it expects the company will provide the necessary “people” required to execute the QMS and all its various functions.
- 7.1.3: Resources specific to infrastructure – it expects the company will provide the necessary equipment, facilities and utilities for QMS and production operations, and then ensure they are suitable and maintained.
- 7.1.4: Resources specific to the work environment – it expects the implementation of specific workplace controls, and management of the overall work atmosphere so that quality is not impacted negatively.
- 7.1.5: Resources specific to inspection and test devices – it expects the company will provide, maintain and control any calibrated tools.
- 7.1.6: Resources specific to “Organizational Knowledge” – it expects the company to implement methods to reduce “brain drain” as people with knowledge may leave, by asking the information to be captured in some way.
In all cases, it’s largely understood — but not explicitly stated in ISO 9001 itself — that these resources will be provided when the company is able to do so, and not immediately upon declaration of need. You don’t get the new equipment or new support personnel the moment you think of it, you have to wait and go out and find or buy them. Don’t use this clause to beat up top management into forcing them to buy stuff by threatening an ISO nonconformity if you don’t get them exactly when you want them; you’ll undo all that hard work of winning over management in one fell swoop.
It’s advised to tackle each of the six aspects separately. The first (7.1.1 on general resource provision) is a freebie, but the others will each need their own defined controls, typically in a procedure for each.
The last one — 7.1.6 on Organizational Knowledge — presents the most challenge, since it’s so confusing unless you already have education or training in what is called “Knowledge Management,” or “KM.” Here I typically point to the QMS set of documents and records, and merely indicate that any company knowledge will eventually get captured there. Just make sure that’s true, then, so your company doesn’t go under if a senior employee retires tomorrow, taking all his knowledge with him.
The next sub-clause is called “Competence,” but it’s really about “training.” ISO expanded the title of the clause thinking that “training” may not be the sole method you use to ensure competence.
Here the standard is asking that you determine what competence levels are needed for each job in the company, and then define those in some way. Then, as you hire or promote people, you first ensure they meet those competency requirements or, if they do not, you provide training to get them up to those levels. In this case, “competence” is generally thought of as being defined as minimum requirements for education, training and/or experience.
The next sub-clause is called “Awareness,” and really should be considered an annex to 7.2 on Competence, as the two fit nicely together. Here the standard is merely saying that in addition to the other training and competence requirements you set in 7.2, you also have to ensure the employees and staff are “aware” of key concepts. Those are the quality policy, their quality objectives, how they contribute to the QMS, and what could go wrong if they don’t follow the QMS. Fairly simple stuff.
The next sub-clause is called “Communication,” and specifically deals with internal communication (a later clause will deal with customer comms.) The standard is actually blank on any requirements at all, here, allowing you to fill them in instead. Just be sure you have suitable and robust methods for conducting internal communication in all directions: top-down and bottom-up. Tying this to your corrective action system, as a means of allowing employees to report problems and make suggestions for improvement, is a great method here. Ensuring an honest “open door policy” with top management is also recommended.
The last sub-clause of section 7 goes into defining the rules for the control of documents and records, called collectively “documented information” in the latest standard. This is a very complicated sub-clause, but effectively nothing has changed since the prior ISO 9001:2008 edition, only the wording, so you may want to go back and read the older version for a clearer view of it; alternatively, I give detailed implementation instructions in Surviving ISO 9001.
The short version is this: documents must be reviewed and approved before release, and then have their release controlled and protected, so that people know where to find their procedures, and can’t alter them without approval. Records, on the other hand, must be captured and filed so they can be retrieved later, with defined retention times and preservation methods; for electronic records, this implies rules for server backups, etc.
The goal here is to ensure that every employee knows where to find their procedures and forms at any time, and can do so with both ease and confidence that they are pulling the latest, approved copies from a central repository. For records, the employees must know how to fill out forms and logs, where and how to file them when complete, and how to retrieve them later if needed (during an audit, for example.) As a bonus, you should put in rules to ensure employees do not knowingly falsify records, a problem that is plaguing industry, but is not directly mentioned in ISO 9001.
Clause 7 must be tempered with some realistic expectations – I can’t stress this enough. Don’t use this clause as a means of trying to “get stuff.” But, when implemented properly, it should result in the following tangible benefits for your company:
- You will have clearly defined requirements for each position, re: minimum education, training and experience. This will help ensure the following: you get the right people for the right positions, and/or you know what training is needed in order to bring people up to speed for the positions you place them in. The alternative is a group of employees who are unqualified and not suited for their jobs, which adds risk to your eventual quality.
- You will identify your resource needs as far as people, equipment, facilities utilities and the work environment, and then will have provided those resources (to the best of your ability), and put in place methods to maintain them over time. You will reduce downtime due to insufficient staffing, or equipment breakdowns, for example.
- Your calibrated equipment will be fully trustworthy, reducing questions about your inspections or tests. This goes far in strengthening the confidence of your customers, too.
- When things go wrong (such as lack of personnel or equipment downtime), you will have pre-determined plans on how to quickly resolve them.
- Your employees will be properly trained and be fully aware of how they each, individually, play a role in the QMS and success of the company. This means everyone — from top management down — so there should be no exceptions here. Everyone has a part to play.
- You will have comprehensive methods of communication, so that management can clearly communicate its vision for how the QMS and company should operate, and then employees can communicate back to management when things aren’t going well or need improvement. In addition, employees will clearly know how to communicate with each other, reducing stress and in-fighting.
- You will have methods to firmly control documents — especially procedures — so that only approved documents are released, and only approved methods used. This will reduce “ad libbing” by employees, which can lead to inconsistent quality. A key component must be that the methods for document control must be simple, and not overcooked, or you may undo the benefit here.
- You will have a solid system for capturing and retaining records, so you can go back and view them later as needed. This is one of those benefits you won’t realize “until you need it,” but trust me — there will come a day when you will need some record from 10 years ago, and will be glad you implemented suitable record controls to support that.
Click here for the full series of articles on The Benefits of ISO 9001:2015.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.