Issue



Quality System Requirements


12/01/2002







The new ISO 9001:2000 quality management system requirements focus management on customer satisfaction, quality objectives and the continual improvement of business management systems. The new standard provides a clear link between customer requirements, processes and improvements that was not present in prior standards.

The ISO 9001 standards specify requirements for a quality management system that is applicable across diverse business segments and may be used for internal application by an organization, certification by an independent third party (registrar) or for contractual purposes with a customer. The ISO 9000 series of standards has been adopted as a national quality system standard by most developed countries through the International Organization of Standardization (ISO) since its implementation in 1987. The year 2000 update is process-based, which is a change from the element-based 1994 version.

Semiconductor Industry

Establishing quality management system standards for the semiconductor supply chain began with inspection-focused military standards, coupled with numerous customer "special" requirements. To complicate matters, many suppliers service a diverse customer base, each with its own commodity-specific quality management system requirements.

To effectively manage customer's requirements for quality management systems, organizations must adopt strategies for working smarter, and use their limited resources effectively. Creating commodity-specific standards by the automotive and telecommunications OEMs is a step in the right direction and will enhance the implementation of the ISO 9001:2000 requirements throughout their supply chains. The effect of the proliferation of these sector-specific standards is that a supplier may be required to maintain multiple certifications to please their diverse customer base.

ISO 9001:2000 Principles

Click here to enlarge image

The ISO 9001:2000 standards are based on eight quality management principles (Table 1). The principles provide a basis for performance improvement and organizational excellence. Organizations will take different paths to implementing these due to the complexity of their processes and supplier/customer relationships. It is senior management's responsibility to effectively manage and implement these principles.

The ISO 9000 series of standards is applicable to all product categories, sectors and sizes of organizations. The new revision is easier to use than the 1994 element-based revision and links the quality management system to the organizational processes. The process focus provides clear audit trails and requires measurable results to meet quality objectives. The revision departs from the previous specific 20-element structure to a generic process-based structure, adopting a process management approach generally used in today's businesses. This simple process-based structure is consistent with the "plan-do-check-act" improvement cycle. Also, the standard is more compatible with ISO 14001:1996, the environmental management system requirements.

ISO 9001:2000 Requirements

The ISO 9001:2000 standard contains five major processes or clauses: quality management system, management responsibility, resource management, product realization, and measurement analysis and improvement. A summary of the highlights and changes to these clauses follows:

Quality Management System. The Quality Management System must be an integral part of the business management system. A new requirement is to measure, monitor and analyze processes, then implement actions to achieve planned results and continual process improvement.

The standard allows flexibility in how the system is structured and documented. A quality manual, quality policy, quality objectives and six procedures are required by the standard (control of documents, control of records, training, internal audits, control of nonconforming product, and corrective and preventive action) and must be documented. A process map is required to describe the interaction between processes of the quality management system.

Documents are needed by the organization to ensure effective planning, operation and control of its processes. The nature and extent of the documentation must satisfy contractual, statutory and regulatory requirements.

Management Responsibility. Top management must visibly define and communicate an overall strategy for the quality management system and delegate authority for action. They must be involved in establishing policies and objectives, as well as system design, implementation, maintenance, review and improvement. Customers' needs and expectations must be determined, translated into requirements for processes within the organizations system and met. A quality policy statement must be communicated throughout the organization and reflect management's focus on quality requirements, objectives and goals.

A key new requirement is for quality objectives to be defined by the organization with a focus to direct the organization and drive continual improvement efforts. The quality management system focus is expanded to reflect a broader business management system view. Establishing appropriate communication processes and communication about the effectiveness of the system are new requirements.

The requirements for the management review process have been greatly enhanced, requiring review of audit results, customer feedback, process performance, product conformance, status of preventive and corrective actions, follow-up actions from prior management reviews, changes that may affect the quality management system, and improvement opportunity identification.

Resource Management. The new requirement is for resources to be determined and provided to implement and maintain the quality management system and improve its effectiveness. The human resource requirements have been enhanced to include the requirement that employee competency be based on appropriate education, training, skills and experience. Employees must be aware of the relevance and importance of what they do and how they contribute to the achievement of quality objectives. The new standard contains requirements for maintaining infrastructure such as the facilities, process equipment, hardware and software.

Product Realization. This clause includes requirements for contract review, design, purchasing, production/service process controls, product/process validation, identification, traceability, control of customer property, product preservation and calibration. Organizations must plan the process for product realization, determine resource needs, and define appropriate processes and documentation requirements. There are two types of fundamental processes: realization processes that result in products of the organization, and support processes, which include management processes. A new requirement is for the organization to determine and implement effective arrangements for communicating with customers on product information, inquiries, order or contract handling and changes, and customer feedback, including complaints.

Measurement, Analysis and Improvement. Organizations must plan and implement measurements, and monitor and analyze activities that ensure conformity and achieve improvements in their quality management system and the products/ services it provides. Key to continual improvement efforts is the measurement system, the determination of appropriate methodologies for monitoring and the appropriate use of statistical techniques.

A new requirement is for management to monitor and manage customer satisfaction. Sources of information may include customer complaints, surveys, scorecards, direct communications and media reports. Also, monitoring and measuring of processes is required. Appropriate data shall be collected and analyzed to demonstrate suitability and effectiveness of the quality management system, and to monitor continual improvements.

Audit and Certifications

Prior to the ISO 9001:1987 certification scheme, there were internal audits, customer audits, and some government or military type audits. Each organization had to comply with various customer and regulatory quality system requirements. With the advent of the European community, member countries needed to standardize their quality management system requirements, ISO was created, and the ISO 9000 family of standards was developed to assist organizations of all types and sizes to implement and manage effective quality management systems. Organizations are certified to the standards by accredited registrars or awarded certification through member organizations. Accreditation bodies in their respective countries accredit registrars, and they may hold multiple accreditations. In the United States, the Registrar Accreditation Board (RAB) performs the accreditation of registrars. The proliferation of ISO 9001 and QS-9000 certificates to companies with dissatisfied customers has soured their acceptance as an alternate to customer audits. The third party registrar auditor does not always understand the sector-specific requirements, such as semiconductor assembly and test operations, as well as a customer auditor.

Organizations may select a registrar who will perform the initial certification audit and surveillance audits generally every six months. Some organizations require multiple registrations by customers from different product sectors. Organizations typically become certified due to customer request. Some organizations are self-motivated and become certified as part of their continual improvement efforts, and merge their quality management systems with their business management systems. Some semiconductor manufacturers are recommending a "self-declaration program" to reduce the cost of third party registrations.

Semiconductor Assembly Council

To avoid multiple certifications and customer audits, organizations must work together to define requirements and share resources. The Semiconductor Assembly Council (SAC) provides a model for effective supply chain management that facilitates the implementation of industry-specific requirements through its certification programs. SAC member companies represent several tiers of the semiconductor supply chain, working together to develop and standardize requirements specific to assembly and test processes.

SAC auditors are from members' organizations, typically are customers, are semiconductor experienced and may offer recommendations unlike a third party registrar auditor. Registrar auditors are not allowed to provide recommendations for improvement, they may only identify general opportunities for improvement, such as "reduce rework rate."

SAC Certification Audits

Effectively implementing these new requirements, SAC maps the ISO/TS 16949:2002 (which includes the ISO 9001:2000), the QS-9000, semiconductor-specific process and performance requirements, and criteria for continual improvement into its audit checklist.

To reduce costs and risks for member companies, the SAC certification program involves semiconductor assembly and test services (SATS) providers, semiconductor manufacturers, and their customers, working together to develop the requirements.

Click here to enlarge image

The customers assist the organization with the implement of the SAC requirements, and review their progress. The customer auditors join together and audit using a comprehensive SAC checklist, and share the results with the organization's SAC member customers. The audit reports are standardized and include action plans for nonconformances and response to the opportunities for improvement identified by the audit team. Continual improvement is monitored through review of key performance indicators (KPI). The KPI results are summarized by package families and used for benchmarking (Table 2). SAC certification drives the continual improvement of an organization's quality management system as evidenced by increased audit scores upon recertification.

Conclusion

The ISO 9001:2000 standard provides organizations with a process-based approach to quality management systems, focused on customer satisfaction and continual improvement. Using ISO as a minimum requirement, the semiconductor industry has evolved to understand the importance of customers and suppliers working together to define requirements, share resources and manage continual improvements. The SAC Certification program provides an effective model for supply chain management. The use of semiconductor-specific requirements and clarification of continual improvement criteria should be part of all supplier development programs.

Marla Cooper, VP of Technology and Programs for the Semiconductor Assembly Council (SAC), may be contacted at 4334 Valle Vista, San Diego, CA 92103; (619) 542-1714; Fax: (619) 542-0216; E-mail: [email protected]; Web site: www.sacouncil.org.