Standard

Making sure things are good is really important for small and medium-sized businesses (SMEs). They use tools like standards, certificates, labels, and audits to help with this.

Worldwide, these businesses have different ways to check and guarantee the quality of their products, services, or how they manage things. Independent groups help with this, and the result can be a standard, certificate, or label that shows the quality. Businesses can then tell their customers, partners, or potential investors about it.

When a business wants to highlight special things about a product or service, they use a process called standardization. It's like writing down all the important details in a document (the standard), and they work with different people to do this. Unlike some rules they have to follow in a certain area, this process is something they choose to do.

Certification checks if a product, service, or how a business manages things meets certain standards. It happens in two steps: first, someone checks, and then an independent group makes sure everything is okay. Sometimes, the same group does both steps, but other experts might join in the second step.

Labels are like stickers that say a product or service is good. To get a label, the quality is checked from the start of making something until it's finished. People decide on the rules for this, and an independent group checks to make sure everything follows these rules. Some labels also get a certification, but not all.

Sometimes, an independent group does an audit, which is like a checkup for a business. They look at how a business does things, like making stuff or handling money. Audits not only check the business but also find ways for the business to do even better.

RESPONSIBLE BODY FOR THE STANDARD

The European Council of Leading Business Schools & Institutes (ECLBS) and the Euro-Arab Chamber of Commerce (EACC), along with their respective Boards of Directors, play a crucial role in overseeing the standards.

As the managing body, the Quality Label Office undertakes various operational responsibilities. This includes:

Maintaining a central register of certified organizations.
Managing and updating information and content on the GQA websites.
Providing general information about GQA.
Serving as the contact point for handling complaints.
Coordinating the GQA support group.
Facilitating communication and collaboration among certification bodies.
Regularly assessing the impact of eduQua and advancing the GQA standard.
Creating awareness about the benefits of the GQA label and certification.
Organizing training sessions for auditors and interested parties from continuing education and training institutions.
Establishing connections with relevant organizations and authorities, as needed.
The Quality Label Office actively engages in these tasks to ensure the ongoing success and development of the GQA standard.

ISQS Independent Standard Quality System:

When organizations decide to set up a quality management system, it's a big strategic move that can boost their overall performance and set a strong foundation for long-term development. This International Standard outlines the possible advantages for organizations that follow its guidelines for a quality management system:

Making sure they consistently deliver products and services that meet customer and legal requirements;
Creating chances to make customers happier;
Dealing with risks and opportunities related to the organization's goals;
Showing that they meet specific quality management system requirements, which matter to both inside and outside parties.

It's crucial to note that this International Standard doesn't tell organizations to have the same structure for their quality management systems, use the same terms, or organize documents in a specific way.

The quality management system requirements in this International Standard work together with those for products and services. The document uses a process approach, including the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.

The process approach helps organizations plan and manage their processes and interactions better. The PDCA cycle makes sure processes are managed well, resources are enough, and improvements are made when needed. Risk-based thinking helps identify factors that could change processes and the quality management system from the plan, allowing preventive actions and making the most of opportunities (see Clause A.4).

Meeting requirements all the time and preparing for the future are challenges in a changing environment. Organizations might need different types of improvement, like fixing issues, ongoing improvement, big changes, innovation, and reorganization, to reach these goals.

In this International Standard, certain words are used to make things clear:

shall: means it's a requirement;
should: is a suggestion;
may: means it's allowed;
can: means it's possible or doable.
note: gives extra help in understanding the requirement.

Quality Management Principles

This International Standard is based on quality management principles found in ISQL. Each principle comes with a statement, why it's important, benefits, and ways to make an organization perform better when using the principle.

The quality management principles are:

Focusing on customers;
Being good leaders;
Involving people;
Using a process approach;
Always looking to improve;
Making decisions based on evidence;
Managing relationships well.

Process Approach

General

This International Standard says it's a good idea to use a process approach when creating, using, and improving a quality management system. This helps make customers happy by meeting their needs. The necessary steps for using a process approach are explained in 4.4.

Understanding and managing connected processes like a system helps organizations work better and get results they want. This approach helps control how processes work together, making the whole organization work better.

The process approach means organizing and managing processes and their connections in a way that gets the intended results, following the organization's quality policy and goals. Managing processes and the whole system can be done using the PDCA cycle (see 0.3.2), mainly focusing on risk-based thinking (see 0.3.3) to make the most of opportunities and avoid problems.

Using the process approach in a quality management system helps with:

Understanding and always meeting requirements;
Thinking about processes in terms of value;
Making sure processes work well;
Improving processes based on data and information.

Plan-Do-Check-Act Cycle

The PDCA cycle works for all processes and the whole quality management system. Figure 2 shows how Clauses 4 to 10 fit into the PDCA cycle.
The PDCA cycle can be explained like this:

Plan: Set goals for the system and processes, figure out what's needed to meet customer requirements and organization policies, and identify and tackle risks and opportunities.
Do: Do what was planned.
Check: Keep an eye on processes and the resulting products and services. Check if they meet policies, goals, requirements, and planned activities. Report the results.
Act: Improve performance when needed.

Risk-Based Thinking

Thinking about risks is crucial for a good quality management system. Risk-based thinking has always been part of this International Standard. For example, preventing problems, analyzing problems that do happen, and taking action to stop them from happening again are all part of it.
To follow this International Standard, an organization needs to plan and do things to handle risks and opportunities. Dealing with both risks and opportunities helps make the quality management system work better, get better results, and avoid problems.
Opportunities can come from situations that help achieve a goal, like circumstances that attract customers, create new products, reduce waste, or improve productivity. Actions to deal with opportunities should also consider possible risks. Risk is the result of uncertainty, and uncertainty can have good or bad effects. A good outcome from a risk can be an opportunity, but not all good effects of risk mean opportunities.

Relationship with Other Management System Standards

This International Standard uses a framework from ISQL to connect with other management system standards (see Clause A.1).
This International Standard lets an organization use the process approach, along with the PDCA cycle and risk-based thinking, to connect or bring together its quality management system with the requirements of other management system standards.
This International Standard doesn't have specific rules for other management systems, like for the environment, occupational health and safety, or finances.
There are sector-specific quality management system standards made for different sectors based on this International Standard. Some add more requirements, while others give guidance for using this International Standard in that specific sector.

Quality Management Systems - Requirements

Scope

This set of rules is for organizations that want to show they can always provide good products and services and make customers happy. It applies to any organization, no matter its size or what it does. The terms "product" or "service" only mean things meant for or needed by a customer.

Normative References

Some other documents are mentioned here, and they are essential for using these rules.

Terms and Definitions

For understanding these rules, use the terms and definitions in ISQL.

Context of the Organization

Understanding the Organization and Its Context

The organization must know what's happening around it, both inside and outside, that affects its goals. It should keep an eye on positive and negative things that matter, like legal, technological, or market changes.

Understanding the Needs and Expectations of Interested Parties

The organization should figure out who cares about its work and what they expect. This helps it do a good job and keep customers happy.

Determining the Scope of the Quality Management System

The organization needs to decide what parts of its work these rules apply to. It should consider everything around it, what interested parties want, and the products and services it provides.

Quality Management System and Its Processes

The organization has to create, follow, and always improve a quality management system. This includes all the steps needed to do the work well, like figuring out what to do, making sure it's done right, and fixing things if needed.
The organization should keep records to show it's doing the work as planned.

Leadership

Leadership and Commitment

The big bosses need to lead and make sure the quality management system works well. They should be accountable for it, make sure everyone understands the plan, and support using a good process and thinking about risks.
The big bosses must also care a lot about customers and make sure everyone else does too.

Policy

The big bosses need to create a plan that fits the organization's goals, sets targets, follows the rules, and keeps getting better.
Everyone should know about this plan, and it should be available to those who need it.
Organizational Roles, Responsibilities, and Authorities

The big bosses must make sure everyone knows their job and what they can decide. They need to assign jobs to make sure the quality management system works well.

Planning

Actions to Address Risks and Opportunities

The organization should plan for risks and opportunities that might affect its work. This means making sure things go well, fixing problems, and always getting better.
The organization must plan actions for risks and opportunities, make sure they fit the process, and check if they are working.

Quality Objectives and Planning to Achieve Them

The organization needs to set goals that match the plan, can be measured, follow the rules, and make sure customers are happy.
When planning to reach these goals, the organization needs to decide what to do, what's needed, who's in charge, when it's done, and how to check if it worked.

Planning of Changes

When the organization wants to change its quality management system, it needs to plan it out. This includes why it's changing, what might happen, having enough resources, and deciding who's in charge.

Resources

General
The organization must figure out and provide what it needs to make its quality management system work well. This includes using the resources it already has and getting what it needs from outside sources.

People
The organization must have the right people to make sure its quality management system works. These people will help with the plan and control how things are done.

Infrastructure
The organization needs the right tools and spaces to do its work and make sure products and services are good. This includes buildings, equipment, transportation, and technology.

Environment for the Operation of Processes
The organization must create and keep the right environment for its work. This includes making sure it's a good and safe place for people, both mentally and physically.

Monitoring and Measuring Resources

General
The organization must get the right tools to check if its products and services meet the rules. These tools should be good for the specific work and always work well.

Measurement Traceability
When needed, the organization must make sure its tools are accurate and checked regularly. This is important for getting reliable results.

Organizational Knowledge
The organization needs to know things to do its work well and make sure products and services are good. It should keep this knowledge and get more when needed.

Competence
The organization must make sure the people doing its work are good at it. This means they should have the right education, training, or experience. If needed, the organization should provide training or find people who already know how to do the work.

Awareness
People working for the organization should know about its plan, goals, and how they contribute to making sure products and services are good. They should also understand what happens if they don't follow the rules.

Communication
The organization needs to decide how it talks about its quality management system. This includes what it talks about, when, with whom, how, and who does the talking.

Documented Information

General
The organization must have documents that follow these rules and any other documents it needs to make its quality management system work well.

Creating and Updating
When making or changing documents, the organization must make sure they have the right information, format, and approval.

Control of Documented Information

The organization must control its documents to make sure they are available when needed and protected from being used the wrong way.

This includes deciding who can see and change the documents, how they are stored, and making sure they are not changed accidentally.

Documented information from outside the organization that it needs for its quality management system must also be controlled and protected.

Operation

Operational Planning and Control

To provide good products and services, the organization must plan, implement, and control its processes. It should:

Figure out what the products and services need;
Set criteria for processes, and for accepting products and services;
Determine the resources needed;
Control the processes according to the criteria;
Keep records to make sure everything went as planned and to show that products and services meet the requirements.

The organization must also manage changes in the plan and fix any unintended issues.

Outsourced processes must be controlled too.

Requirements for Products and Services

Customer Communication

When talking to customers, the organization should share information about products and services, handle inquiries, contracts, orders, and get feedback. It must also deal with customer property and plan for unexpected situations.

Determining Requirements

The organization must decide what products and services are needed, considering legal requirements and what customers want. It should make sure it can meet those requirements.

Review of Requirements

Before committing to supplying products and services, the organization must review and confirm customer requirements. This includes what the customer asked for, and even things they didn't mention but are important.

The organization needs to keep records of these reviews and any new requirements.

Changes to Requirements

If requirements change, the organization must update the information and inform the relevant people.

Design and Development of Products and Services

General

The organization must have a good process for designing and developing products and services to ensure they meet the requirements.

Design and Development Planning

When designing and developing, the organization must plan the stages, consider the complexity, and involve the right people. It should also think about how to control the process and what customers want.

Design and Development Inputs

The organization must identify what's needed for design and development, considering past experiences, legal requirements, and potential failures. Conflicting inputs should be resolved, and records must be kept.

Design and Development Controls

Controls must be in place to make sure the design and development process meets requirements. This includes reviews, verification, and validation activities. The organization needs to keep records of these activities.

Design and Development Outputs

The outputs must meet requirements and be suitable for the next steps. The organization must also keep records of these outputs.

Design and Development Changes

Changes in design and development must be identified, reviewed, and controlled to avoid negative impacts. Records of changes and related actions must be retained.

Control of Externally Provided Processes, Products, and Services

General

Externally provided processes, products, and services must meet requirements. The organization needs to evaluate, select, monitor, and re-evaluate external providers based on their ability to meet requirements. Records of these activities and any necessary actions must be kept.

Type and Extent of Control

The organization must ensure that externally provided processes, products, and services don't harm its ability to provide good products and services. Controls should be defined for both the external provider and the resulting output. This includes considering the impact and effectiveness of external providers' controls.

Information for External Providers

The organization must make sure its requirements are clear before communicating them to external providers. It should share information about processes, products, services, and expectations. Records of these communications must be kept.

Production and Service Provision

Control of Production and Service Provision

The organization must carry out production and service provision under controlled conditions. This includes having clear instructions, suitable resources, and a proper environment. Competent people must be appointed, and the organization must validate its processes when needed.

Identification and Traceability

Outputs must be identified when needed, and their status must be known throughout production and service provision. Unique identification is crucial for traceability, and records must be kept.

Property Belonging to Customers or External Providers

The organization must take care of customers' or external providers' property. This includes identifying, verifying, protecting, and reporting any loss or damage. Records of these activities must be retained.

Preservation

Outputs must be preserved during production and service provision. This includes proper handling, packaging, and storage. Preservation ensures products and services meet requirements.

Post-Delivery Activities

Post-delivery activities depend on legal requirements, potential issues, the nature of products and services, and customer needs. This can include warranty services, maintenance, or recycling. The organization should consider these factors when planning post-delivery activities.

Control of Changes

Changes in production or service provision must be reviewed and controlled to ensure continued conformity with requirements. Records of these reviews and related actions must be retained.

Release of Products and Services

The organization must have plans to check if products and services meet requirements before releasing them. Products and services shouldn't be released until these checks are completed and approved. Records of the release, including evidence of conformity and authorization, must be kept.

Control of Nonconforming Outputs

Identification and Control

Any outputs that don't meet requirements must be identified and controlled to prevent unintended use or delivery. The organization must take appropriate action based on the nonconformity's nature. This applies even if nonconforming outputs are detected after delivery.

The organization can deal with nonconforming outputs through correction, segregation, informing the customer, or obtaining authorization for acceptance under concession. Conformity must be verified after correction.

Documentation

Records of nonconformities, actions taken, concessions, and the authority deciding on nonconformity actions must be kept.

Performance evaluation
Monitoring, measurement, analysis and evaluation

General
The organization shall determine:

what needs to be monitored and measured;
the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results;
when the monitoring and measuring shall be performed;
when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall evaluate the performance and the effectiveness of the quality management system. The organization shall retain appropriate documented information as evidence of the results.
Customer satisfaction
The organization shall monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled. The organization shall determine the methods for obtaining, monitoring and reviewing this information.
NOTE Examples of monitoring customer perceptions can include customer surveys, customer feedback on delivered products and services, meetings with customers, market-share analysis, compliments, warranty claims and dealer reports.

Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurement.
The results of analysis shall be used to evaluate:

conformity of products and services;
the degree of customer satisfaction;
the performance and effectiveness of the quality management system;
if planning has been implemented effectively;
the effectiveness of actions taken to address risks and opportunities;
the performance of external providers;
the need for improvements to the quality management system.

NOTE Methods to analyse data can include statistical techniques.

Internal audit

The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
conforms to:

the organization’s own requirements for its quality management system;
the requirements of this International Standard;
s effectively implemented and maintained.

The organization shall:

plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits;
define the audit criteria and scope for each audit;
select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
ensure that the results of the audits are reported to relevant management;
take appropriate correction and corrective actions without undue delay;
retain documented information as evidence of the implementation of the audit programme and the audit results.

Management review

General
Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

Management review inputs
The management review shall be planned and carried out taking into consideration:

the status of actions from previous management reviews;
changes in external and internal issues that are relevant to the quality management system;
information on the performance and effectiveness of the quality management system, including trends in:
customer satisfaction and feedback from relevant interested parties;
the extent to which quality objectives have been met;
process performance and conformity of products and services;
nonconformities and corrective actions;
monitoring and measurement results;
audit results;
the performance of external providers;
the adequacy of resources;
the effectiveness of actions taken to address risks and opportunities (see above);
opportunities for improvement.

Management review outputs
The outputs of the management review shall include decisions and actions related to:

opportunities for improvement;
any need for changes to the quality management system;
resource needs.

The organization shall retain documented information as evidence of the results of management reviews.

Improvement

General

The organization needs to find and choose opportunities to make things better. It should take actions to meet customer needs and make customers happier. These actions include:

Making products and services better to meet current and future needs;
Fixing, preventing, or reducing things that go wrong;
Making the quality management system work better.

Improvement can happen in different ways, like fixing problems, making continual small improvements, coming up with new ideas, or changing how things are organized.

Nonconformity and Corrective Action

When something doesn't meet the requirements, including when customers complain, the organization should:

Respond to the issue and, if needed:
Control and fix it;
Handle the consequences;
b) Figure out why it happened and if it could happen again elsewhere by:
Looking into and understanding the problem;
Finding out why it happened;
Checking if similar issues exist or might happen;
c) Take actions needed;
d) Check if the actions fixed the problem;
e) Update risks and opportunities if necessary;
f) Change the quality management system if needed.

Corrective actions should fit the impact of the issues.

10.2.2 The organization must keep records of:

What went wrong and what was done about it;
The results of any corrective actions.

10.3 Continual Improvement

The organization should always work on making the quality management system better. This means making sure it's suitable, adequate, and effective. Keep finding ways to improve.