I started with a new company this year and one of my tasks is to help their frail QMS – both to pass the audit AND to improve the business’ performance. (Yes, they actually get that!) Anyway, they barely squeaked by at registration last year, mostly because they really didn't understand 4.1 – not really process-based, everything was quite “departmentalized,” they were doing system audits from a generic checklist, etc, etc. They have little to no metrics – the Policy and Objectives are weak and must be redone. The registrar noted that they expect to see some real defined and measurable objectives next time, and would like to see process based internal audits.
So, I’d like to share my plan with you guys, for a reality check, to make sure I’m on the right track. For reference, at my old company we had a good consultant when we first built the QMS in 2002 – this is really the first time I’ve done it myself. Here’s what I’m planning:
1. Educate management about the process approach. (Done, they like it)
2. Identify the key processes – I know them as Management Processes and Product Realization processes (and sub-processes) (Done)
3. Create a process map (broad brush) showing interaction of the processes.
4. Create process maps for each of the processes, identifying the responsibilities, objectives, inputs, outputs, controls, etc (the PDCA approach)
5. Identify how the existing procedures fit in to the newly identified processes.
a.Identify areas where a procedure (or work inst.) is needed, or exists but really isn’t necessary.
6.Identify where measurements should be taken, but aren’t (from the objectives of the processes)
a.Identify the records (or lack therof) and fix that.
7.While I and others create/edit these docs, I will pressure management to come up with the upper-level Objectives, then we will re-write the Quality Policy, making sure it meshes with the Objectives.
8.After all the process maps, procedures, and work instructions are complete, we will check to make sure that all ISO standard requirements are met (This is a gap analysis, right?)
9.Lastly, we will revise the Quality Manual to include the correct references and linkages.
10.Next we will train everyone to the new system. (Including training auditors in process-based auditing)
11.Then we will schedule and perform the internal audits using a process-based planning checklist and reports. (Many good examples here at The Cove
12.Lastly, we will conduct a management review to analyze the fruits of this effort.
13.Nov. 1, 2006 will be the surveillance audit. I’m hoping this one goes well.
Thanks in advance for any advice! This forum has been a great resource.