PROCESS MANAGEMENT

Click image to enlarge

GENERAL REQUIREMENTS

Threat4 shall establish, document, implement and maintain a Quality Management System and continually improve its effectiveness in accordance with the requirements of ISO 9001:2008.

Threat4 shall
a) Determine the processes needed for the Quality Management System and their application throughout the organization
b) Determine the sequence and interaction of these processes
c) Determine criteria and methods needed to ensure that both the operation and control of these processes are
d) Ensure the availability of resources and information necessary to support the operation and monitoring of these processes
e) Monitor, measure where applicable, and analyze these processes,
f) Implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of ISO 9001:2008.
Where Threat4 chooses to outsource any process that affects product conformity with requirements, Threat4 shall ensure control over such processes. Control of such outsourced processes shall be identified within the Quality Management System
Processes needed for the Quality Management System referred to above will include processes for management activities, provision of resources, product realization and measurement.

DOCUMENTATION REQUIREMENTS

The Threat4’s Quality Management System documentation shall include

a) documented statements of a quality policy and quality objectives,
b) a quality guidebook,
c) documented procedures and records required by ISO 9001:2008,
d) Documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.

NOTE where the term "documented procedure" appears within this Policy Guidebook, this means that the procedure is established, documented, implemented and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document. The documentation can be in any form or type of medium.

QUALITY GUIDEBOOK

Threat4 shall establish and maintain a quality guidebook that includes

a) The scope of the Quality Management System , including details of and justification for any exclusions,
b) The documented procedures established for the Quality Management System , or reference to them, and
c) A description of the interaction between the processes of the Quality Management System .

CONTROL OF DOCUMENTS

Documents required by the Quality Management System shall be controlled by Threat4. Records are a special type of document and shall be controlled according to the requirements given.

Threat4 shall define and controls documents by:

a) approving documents for adequacy prior to issue,
b) reviewing and update as necessary and re-approve documents,
c) ensuring that changes and the current revision status of documents are identified,
d) ensuring that relevant versions of applicable documents are available at points of use,
e) ensuring that documents remain legible and readily identifiable,
f) To ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the Quality Management System are identified and their distribution controlled, and
g) preventing the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.

CONTROL OF RECORDS

Threat4 shall establish and maintain records to provide evidence of conformity to requirements and of the effective operation of the Quality Management System . Records shall remain legible, readily identifiable and retrievable. Threat4 shall identify, store, protect, provide retrieval, retention time and disposition of records.

MANAGEMENT COMMITMENT

Threat4 Top Management shall provide evidence of its commitment to the development and implementation of the Quality Management System and continually improving its effectiveness by
a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,
b) establishing the quality policy,
c) ensuring that quality objectives are established,
d) conducting management reviews, and
e) ensuring the availability of resources.

CUSTOMER FOCUS

Threat4 Top Management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction.

QUALITY POLICY

Threat4 Top Management shall ensure that the quality policy

a) is appropriate to the purpose of the organization,
b) includes a commitment to comply with requirements and continually improve the effectiveness of the Quality Management System ,
c) provides a framework for establishing and reviewing quality objectives,
d) is communicated and understood within the organization, and
e) is reviewed for continuing suitability.

PLANNING

QUALITY OBJECTIVES

Threat4 Top Management shall ensure that quality objectives, including those needed to meet requirements for product are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy.

QUALITY MANAGEMENT SYSTEM PLANNING

Threat4 Top Management shall ensure that

a) the planning of the Quality Management System is carried out in order to meet the requirements given as well as the quality objectives, and
b) the integrity of the Quality Management System is maintained when changes to the Quality Management System are planned and implemented.

RESPONSIBILITY, AUTHORITY AND COMMUNICATION

Threat4 Top Management shall ensure that responsibilities and authorities are defined and communicated within the organization.

MANAGEMENT REPRESENTATIVE

Threat4 Top Management shall appoint a member of the organization's management who, irrespective of other responsibilities, shall have responsibility and authority that includes

a) ensuring that processes needed for the Quality Management System are established, implemented and maintained,
b) reporting to top management on the performance of the Quality Management System and any need for improvement, and
c) ensuring the promotion of awareness of customer requirements throughout the organization.

The responsibility of the management representative will include liaison with external parties on matters relating to the Quality Management System .

INTERNAL COMMUNICATION

Threat4 Top Management shall ensure that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the Quality Management System .

MANAGEMENT REVIEW

Threat4 Top Management shall review the organization’s Quality Management System , at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the Quality Management System , including the quality policy and quality objectives.

Records from management reviews shall be maintained.

REVIEW INPUT

The input to management review shall include information on

a. results of audits,
b. customer feedback,
c. process performance and product conformity,
d. status of preventive and corrective actions,
e. follow-up actions from previous management reviews,
f. changes that could affect the Quality Management System , and
g. recommendations for improvement.

REVIEW OUTPUT

The output from the management review shall include any decisions and actions related to

a) improvement of the effectiveness of the Quality Management System and its processes,
b) improvement of product related to customer requirements, and
c) resource needs.

PROVISION OF RESOURCES

Threat4 shall determine and provide the resources needed

a) to implement and maintain the Quality Management System and continually improve its effectiveness, and
b) to enhance customer satisfaction by meeting customer requirements.

HUMAN RESOURCES

GENERAL

Personnel performing work affecting conformity to product requirements shall be competent on the basis of appropriate education, training, skills and experience.

Competence, training and awareness

Threat4 shall

a) Determine the necessary competence for personnel performing work affecting conformity to product requirements,
b) Where applicable, provide training or take other actions to achieve the necessary competence,
c) Evaluate the effectiveness of the actions taken,
d) ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives, and
e) maintain appropriate records of education, training, skills and experience

INFRASTRUCTURE

Threat4 shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable
a) buildings, workspaces and associated utilities,
b) process equipment (both hardware and software), and
c) supporting services (such as transport or communication or information systems).

WORK ENVIRONMENT

Threat4 shall determine and manage the work environment needed to achieve conformity to product requirements.

NOTE The term “work environment” relates to those conditions under which work is performed including physical, environmental and other factors (such as noise, temperature, humidity, lighting or weather).

PLANNING OF PRODUCT REALIZATION

Threat4 shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the Quality Management System.

In planning product realization, Threat4 shall determine the following, as appropriate:

a) quality objectives and requirements for the product;
b) the need to establish processes and documents, and to provide resources specific to the product;
c) required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance;
d) records needed to provide evidence that the realization processes and resulting product meet requirements

The output of this planning shall be in a form suitable for the Threat4’s method of operations.

CUSTOMER-RELATED PROCESSES

DETERMINATION OF REQUIREMENTS RELATED TO THE PRODUCT

Threat4 shall determine:

a) requirements specified by the customer, including the requirements for delivery and post-delivery activities,
b) requirements not stated by the customer but necessary for specified or intended use, where known,
c) statutory and regulatory requirements applicable to the product, and
d) any additional requirements considered necessary by the organization.

REVIEW OF REQUIREMENTS RELATED TO THE PRODUCT

Threat4 shall review the requirements related to the product. This review shall be conducted prior to the Threat4’s commitment to supply a product to the customer (e.g. submission of tenders, acceptance of contracts or orders, acceptance of changes to contracts or orders) and shall ensure that:

a) product requirements are defined,
b) contract or order requirements differing from those previously expressed are resolved, and
c) Threat4 has the ability to meet the defined requirements.

Records of the results of the review and actions arising from the review shall be maintained

Where the customer provides no documented statement of requirement, the customer requirements shall be confirmed by the Threat4 before acceptance.
Where product requirements are changed, Threat4 shall ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements.

CUSTOMER COMMUNICATION

Threat4 shall determine and implement effective arrangements for communicating with customers in relation to:

a) product information,
b) enquiries, contracts or order handling, including amendments, and
c) customer feedback, including customer complaints.

PURCHASING

PURCHASING PROCESS

Threat4 shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.

Threat4 shall evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation and re-evaluation shall be established. Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained.

PURCHASING INFORMATION

Purchasing information shall describe the product to be purchased, including where appropriate

a) requirements for approval of product, procedures, processes and equipment,
b) requirements for qualification of personnel, and
c) Quality Management System requirements.

Threat4 shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier.

VERIFICATION OF PURCHASED PRODUCT

Threat4 shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.

Where Threat4 or its customer intends to perform verification at the supplier’s premises, Threat4 shall state the intended verification arrangements and method of product release in the purchasing information.

PRODUCTION AND SERVICE PROVISION

CONTROL OF PRODUCTION AND SERVICE PROVISION

Threat4 shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable ：

a) the availability of information that describes the characteristics of the product,
b) the availability of work instructions, as necessary,
c) the use of suitable equipment,
d) the availability and use of monitoring and measuring equipment,
e) the implementation of monitoring and measurement, and
f) the implementation of product release, delivery and post-delivery activities.

VALIDATION OF PROCESSES FOR PRODUCTION AND SERVICE PROVISION

Threat4 shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered.

Validation shall demonstrate the ability of these processes to achieve planned results.

Threat4 shall establish arrangements for these processes including, as applicable

a) defined criteria for review and approval of the processes,
b) approval of equipment and qualification of personnel,
c) use of specific methods and procedures,
d) requirements for records and
e) revalidation.

IDENTIFICATION AND TRACEABILITY

Where appropriate, Threat4 shall identify the product by suitable means throughout product realization.

Threat4 shall identify the product status with respect to monitoring and measurement requirements throughout product realization.

Where traceability is a requirement, Threat4 shall control the unique identification of the product and maintain records

CUSTOMER PROPERTY

Threat4 shall exercise care with customer property while it is under the Threat4’s control or being used by the Threat4. Threat4 shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, Threat4 shall report this to the customer and maintain records.

NOTE Customer property can include intellectual property and personal data.

PRESERVATION OF PRODUCT

Threat4 shall preserve the product during internal processing and delivery to the intended destination in order to maintain conformity to requirements. As applicable, preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.

CONTROL OF MONITORING AND MEASURING EQUIPMENT

Threat4 shall determine the monitoring and measurement to be undertaken and the monitoring and measuring equipment needed to provide evidence of conformity of product to determined requirements.

Threat4 shall establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements.

Where necessary to ensure valid results, measuring equipment shall:

a) be calibrated or verified ,or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded
b) be adjusted or re-adjusted as necessary;
c) have identification in order to determine its calibration status;

d) be safeguarded from adjustments that would invalidate the measurement result;

e) be protected from damage and deterioration during handling, maintenance and storage.

In addition, the Threat4 shall assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. Threat4 shall take appropriate action on the equipment and any product affected. Records of the results of calibration and verification shall be maintained

When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application shall be confirmed. This shall be undertaken prior to initial use and reconfirmed as necessary.

GENERAL

Threat4 shall plan and implement the monitoring, measurement, analysis and improvement processes needed

a) to demonstrate conformity to product requirements,
b) to ensure conformity of the Quality Management System , and
c) to continually improve the effectiveness of the Quality Management System .

This shall include determination of applicable methods, including statistical techniques, and the extent of their use.

MONITORING AND MEASUREMENT

CUSTOMER SATISFACTION

As one of the measurements of the performance of the Quality Management System , Threat4 shall monitor information relating to customer perception as to whether Threat4 has met customer requirements. The methods for obtaining and using this information shall be determined.

INTERNAL AUDIT

Threat4 shall conduct internal audits at planned intervals to determine whether the Quality Management System
a) conforms to the planned arrangements, to the requirements of ISO 9001:2008 and to the Quality Management System requirements established by Threat4, and
b) is effectively implemented and maintained.

An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits.
The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

A documented procedure shall be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results.

Records of the audits and their results shall be maintained
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results.

MONITORING AND MEASUREMENT OF PROCESSES

Threat4 shall apply suitable methods for monitoring and, where applicable, measurement of the Quality Management System processes. These methods shall demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate. Company processes identified as measurable shall be identified on the document: "Threat4 General Process Flow".

MONITORING AND MEASUREMENT OF PRODUCT

Threat4 shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements. Evidence of conformity with the acceptance criteria shall be maintained.

Records shall indicate the person(s) authorizing release of product for delivery to the customer.

The release of product and delivery of service to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer.

CONTROL OF NONCONFORMING PRODUCT

Threat4 shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. A documented procedure shall be established to define the controls and related responsibilities and authorities for dealing with nonconforming product.

Where applicable, Threat4 shall deal with nonconforming product by one or more of the following ways:

a) by taking action to eliminate the detected nonconformity;
b) by authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer;
c) by taking action to preclude its original intended use or application.
d) by taking action appropriate to the effects, or potential effects, of the nonconformity when nonconforming product is detected after delivery or use has started.

When nonconforming product is corrected it shall be subjected to re-verification to demonstrate conformity to the requirements.

Records of the nature of nonconformities and any subsequent actions taken, including
concessions obtained, shall be maintained.

ANALYSIS OF DATA

Threat4 shall determine, collect and analyse appropriate data to demonstrate the suitability and effectiveness of the Quality Management System and to evaluate where continual improvement of the effectiveness of the Quality Management System can be made. This shall include data generated as a result of monitoring and measurement and from other relevant sources.
The analysis of data shall provide information relating to

a) customer satisfaction
b) conformity to product requirements
c) characteristics and trends of processes and products including opportunities for preventive action, and
d) suppliers (see 7.4).

IMPROVEMENT

CONTINUAL IMPROVEMENT

Threat4 shall continually improve the effectiveness of the Quality Management System through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.

CORRECTIVE ACTION

Threat4 shall take action to eliminate the cause of nonconformities in order to prevent recurrence.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
A documented procedure shall be established to define requirements for

a) reviewing nonconformities (including customer complaints),
b) determining the causes of nonconformities,
c) evaluating the need for action to ensure that nonconformities do no recur,
d) determining and implementing action needed,
e) records of the results of action taken, and
f) reviewing the effectiveness of the corrective action taken.

PREVENTIVE ACTION

Threat4 shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.

A documented procedure shall be established to define requirements for

a) determining potential nonconformities and their causes,
b) evaluating the need for action to prevent occurrence of nonconformities,
c) determining and implementing action needed,
d) records of results of action taken, and
e) reviewing the effectiveness of the preventive action taken.