Implementing An ISO 9001:2000 Quality Management System

Rendered on 1/28/04

Click here to start

Understanding and Implementing
ISO 9001:2000
Implementing An ISO 9001:2000 Quality Management System
An Open Source Document
This document is an Open Source document!
Huh?
• This means it is the result of the input of may people and resources.
• This means YOU can and may participate. If you want something included or have a suggestion, please let me know. You can send some slides in e-mail. Or write me and tell me about what has not been addressed but that you believe should be addressed. If your suggestion is incorporated into the document you will be given credit in the document. You will get updates for free as long as the file is undergoing updates (rumour is I may die someday or decide to do something else with my life so I can’t really use the word forever).
• I will accept and incorporate good ‘patches’ and constructive criticism.
• Telling me of spelling errors doesn’t count, but will be very much appreciated.
• This is how we do things in hackerland; it's a combination of individual visions and collaborative synergy that makes things work. Just as it is in the Cove forums.
Files Included in this Package
About This Document - Contents
• This document is a ‘digest’ from many implementations I have been involved in, information from news group snippets and forums discussions. I have tried to make it as comprehensive as possible given the extreme range of types and sizes of companies and their scopes of implementation. I have also tried to address both simple and complex issues to address the needs of the novice as well as those whose occupation is in the quality field.
• If you are the owner or manager of a small company, you may have heard about ISO 9000. Maybe not. Either way, if you have 10 people or less you probably don’t have anyone with a quality assurance background. On the other hand, if there are 20,000 employees in your company you probably have a quality background which is why you’re here.
• For small companies where there is no one with a quality background implementation can appear to be overwhelming. It’s not that ISO is so difficult. It’s that if you don’t have a good understanding of some of the quality related concepts, such as nonconformance and corrective action systems, it becomes much like taking up a new occupation (after how many years?) or learning a new language.
Sample Flow Charts
There are several resources included.
These are each different sets of flow charts.
° One is a directory of gifs which you can open with your picture editor. Sample_Flow_Charts-jpg_Format is the directory name.
° Map_Examples is a directory with some linked flow charts. Open the file index.html with your browser.
° The file Flow_Charts.ppt has a number of more current flow charts examples (ideas!).
° The file Flowcharting.pdf contains some help on how to make a flow chart.
Major flow charts have details on system requirements.
Introduction
The Purpose of this Presentation is to Provide an Overview of ISO 9000 and to discuss Implementation Methodologies
Implementation Considerations
• You are not the first. Over 345,000 organizations have registered to ISO 9000 by early 2001.
• A main point to remember as you traverse this tome is that each company is different. There is no way I can address every possible type and size of company. The contents represent the basis of a methodology I have used over the last 8 years in implementing ISO 9001 and QS-9000 in facilities as large as 10,000 souls, as small as 8 persons, in companies as large and complex as Motorola, as ‘unusual’ as Harley-Davidson, and as unique as an insurance company. The methodology is structured. Very structured. How closely you follow the path will depend upon your specific circumstances and needs as well as your own beliefs. Some companies go slowly. Some companies do not want a complex project plan. Some companies insist on a complex project plan. But, more on this later.
• As much as anything else, you will have to assess my recommendations with consideration to your circumstances.
Quality Systems
ISO 9000 Family of Documents
ISO9001:2000 DIS Structure
ISO 9001:2000 Vs Baldrige
Malcolm Baldrige National Quality Award Criteria Circa 4/2001
1. Leadership
° Organizational Leadership
° Public Responsibility and Citizenship
2. Strategic Planning
° Strategy Development
° Strategy Deployment
3. Customer and Market Focus
° Customer and Market Knowledge
° Customer Relationships and Satisfaction
4. Information and Analysis
° Measurement and Analysis of Organizational Performance
° Information Management
ISO 9000
The Ultimate Goals of ISO 9001 are:
1. To Provide Consistent Processes
(Documented Systems Provide For Consistency)
With Defined RESPONSIBILITIES
2. Customer Satisfaction
3. Continuous Improvement
Periodic Audits Ensure Systems Are Working
Where Did It Come From?
Liability
By defining practices, Liability is addressed. In fact, the whole ISO 900X series is the reaction to a need to assign
Responsibility
For international trade issues involved in bringing the continent together into the ‘European Union’. The foundation drifted to be a ‘quality standard’.
Liability
• The ISO 9000 series is a vehicle to address liability issues
• Driver was the European Common Market
• Is relevant locally and world wide
Origins
ISO 9001 and Quality
• ISO 9001 Has Nothing To Do With the Quality of a Product or Service
Cement Life Preserver
The Classic Example
• The year 2000 version of ISO 9001 carries a revised title, which no longer includes the term Quality Assurance. This reflects the fact that the quality management system requirements specified in this edition of ISO 9001 address quality assurance of product as well as customer satisfaction.
• See http://Elsmar.com/ubb/Forum5/HTML/000063.html
• Conformance to Specifications
• Consistency of Processes
The Main ISO 900x Documents
• ISO 9000
NEW: Quality Management Systems - Fundamentals and Vocabulary
OLD: Replaces the old ISO 8402:1994
• ISO 9001
NEW: Quality Management Systems - Requirements
OLD: Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing
• ISO 9004
NEW: Quality Management Systems - Guidelines for Performance Improvement
OLD: Quality Management and Quality System Elements - Guidelines
The Stated Intent of ISO 9001
0 INTRODUCTION
0.1 General
This International Standard specifies requirements for a quality management system that can be used by an organization to address customer satisfaction, by meeting customer and applicable regulatory requirements. It can also be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer and regulatory requirements.
The adoption of a quality management system needs to be a strategic decision of the organization. The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the purpose of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.
It is emphasized that the quality management system requirements specified in this International Standard are complementary to technical requirements for products.
Differences In Sectors
1.2 Permissible exclusions
The organization may only exclude quality management system requirements that neither affect the organization's ability, nor absolve it from its responsibility, to provide product that meets customer and applicable regulatory requirements. These exclusions are limited to those requirements within clause 7 (see also 5.5.5), and may be due to the following:
(a) the nature of the organization's product;
(b) customer requirements;
(c) applicable regulatory requirements.
Where permissible exclusions are exceeded, conformity to this International Standard should not be claimed. This includes situations where the fulfillment of regulatory requirements permits exclusions that exceed those allowed by this International Standard.
Service As A Product
3.1 - product - result of a process
NOTE 1: There are four agreed generic product categories:
- hardware,
- software,
- services,
- processed materials.
Most products are combinations of some of the four generic product categories. Whether the combined product is then called hardware, processed material, software or service depends on the dominant element.
Why Do It?
• I’ll bet either a customer requirement or your sales / marketing folks dreamed this up for you to do, right? Almost all implementations are the result of one or the other. I have never had a client which simply decided to do it because they felt doing so would be beneficial to the company. This is not to say improvement is not an issue. It almost always very much is. But that has never been the spark that initiated the process.
• Many of you know I’m not a proponent of registration per se. For some companies it is a good thing. They lack the internal discipline necessary to ensure people are doing what they are supposed to be doing.
• I am a gung ho proponent of the implementation process. In the very least, it necessitates a serious housekeeping effort. The process typically opens everyone’s eyes to what they are doing and why. Often I refer to the early stages of implementation as the Discovery Phase. I cannot tell you how many times I have heard “I didn’t know we were doing that!” Sometimes it’s scary thinking how far in the dark some people are in so far as knowing and understanding what they’re supposed to be doing goes. Which is pretty far. I have never seen an implementation which did not benefit the company in some way.
Why Do It?
• Process Improvements
° Theoretically, as you implement the system, you have the opportunity to improve your processes. You will outline the current process, add the requirements of the standard and then optimize the process with input from the process users.
• Increased Quality Awareness
° Theoretically, as the system is implemented, quality awareness will increase because all staff must be trained on ISO 9000, staff must be trained on processes as they are implemented and staff will have "ownership" of processes they are involved in developing and improving.
Project Duration
How long will it take?
° An implementation project will typically take about 6 to 9 months, but will range from 3 to 20 months.
° Factors that will affect the timeline include:
∞ Size and complexity of the organization.
∞ Existing systems
∞ How much existing documentation is available which can be used.
∞ Amount of resources available for the project
∞ ISO expertise available.
Simple Schedule
Typical Costs
Payback
• Companies minimize deficiencies in supply and support of products and services.
• Companies identify problem areas and address them quicker.
• Companies identify customer needs more accurately.
• Companies become more consistent in their product and services.
Who’s Doing It & General Issues
The ISO organization publishes a yearly assessment of the ISO 9001 distribution.
° ISO9K-8thCycleSurvey.pdf (through December 1998)
° ISO9K-9thCycleSurvey.pdf (through December 1999)
The Magical Demystifying Tour of ISO 9000 and ISO 14000
° http://www.iso.ch/9000e/magical.htm
A Quality Management System?
System vs. Process
• System
Pronunciation sI stEm
Definition A group of related things or parts that function together as a whole.
Example The school system in our city.
• Process
Pronunciation pra sehs
Definition A systematic sequence of actions used to produce something or achieve an end.
Example An assembly-line process.
What is a System?
• Collection of interacting parts functioning as a whole.
• Collection of subsystems that support the larger system.
• Collection of processes oriented toward a common goal.
• The organization as a system.
Trade Relationships
The Organization as a System, Subsystems, and Processes
Systems and Subsystems
Organization As An Extended System
Organization As An Extended System
Extending Outside the Organization
An Extended System
Measures In The Extended System
Quality Through Process Improvement
What is a Process?
• A series of operations or steps that results in a product or service.
• A set of causes and conditions that work together to transform inputs into an output.
Examples of Processes
Significant and Critical Processes
• Significant Processes
° Are processes by which the mission-essential work of the organization is accomplished.
° Contribute directly to meeting the needs and requirements of customers.
° Can be traced from output (to external customer) back to input (to the organization).
• Critical Processes
° A stage within a significant process.
° One that is deemed as most important for control and improvement.
Special Characteristics
With Regard to QS-9000
• The AIAG defines a Special Product Characteristic as a product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product. Ford Motor Company divides Special Characteristics into two categories: Critical Characteristics and Significant Characteristics
• Critical Characteristics are defined by Ford as product or process requirements that affect compliance with government regulation or safe product function, and which require special actions or controls. In a design FMEA, they are considered Potential Critical Characteristics. A Potential Critical Characteristic exists for any Severity rating greater than or equal to 9. In the process FMEA, they are referred to as Actual Critical Characteristics. Any characteristic with a Severity of 9 or 10 which requires a special control to ensure detection is a Critical Characteristic. Examples of product or process requirements that could be Critical Characteristics include dimensions, specifications, tests, assembly sequences, tooling, joints, torques, welds, attachments, and component usages. Special actions or controls necessary to meet these requirements may involve manufacturing, assembly, a supplier, shipping, monitoring, or inspection.
Characteristics I
• CHARACTERISTIC: A distinguishing feature, dimension or property of a process or its output (product) on which variable or attribute data can be collected. (P39 APQP)
• CHARACTERISTIC, CRITICAL, CHRYSLER DEFINITION: Characteristics applicable to a component, material, assembly, or vehicle assembly operation which are designated by Chrysler Corporation Engineering as being critical to part function and having particular quality, reliability and/or durability significance. These include characteristics identified by the shield, pentagon, and diamond. (49 PPAP)
• CHARACTERISTIC, CRITICAL (INVERTED DELTA), FORD DEFINITION: Those product requirements (dimensions, performance tests) or process parameters that can affect compliance with government regulations or safe vehicle/product function, and which require specific supplier, assembly, shipping, or monitoring and included on Control Plans. (P49 PPAP)
• CHARACTERISTIC, CRITICAL, GM DEFINITION: See Key Product Characteristic. (P49 PPAP)
• CHARACTERISTIC, KEY CONTROL (KCCs): Those process parameters for which variation must be controlled around a target value to ensure that a significant characteristic is maintained at its target value. KCCs require ongoing monitoring per an approved Control Plan and should be considered as candidates for process improvement. (P49 PPAP)
• CHARACTERISTIC, KEY PRODUCT (KPC): Those product features that affect subsequent operations, product function, or customer satisfaction. KPCs are established by the customer engineer, quality representative, and supplier personnel from a review of the Design and Process FMEA’s and must be included in the Control Plan. Any KPCs included in customer-released engineering requirements are provided as a starting point and do not affect the supplier’s responsibility to review all aspects of the design, manufacturing process, and customer application and to determine additional KPCs. (P49 PPAP)
Characteristics II
• CHARACTERISTIC, PROCESS: Core team identified process variables (input variables) that have a cause and effect relationship with the identified Product Characteristic(s) which can only be measured at the time of occurrence. (6.3 #20 APQP)
• CHARACTERISTIC, PRODUCT: Features or properties of a part, component or assembly that are described on drawings or other primary engineering information. (6.3 #19 APQP)
• CHARACTERISTIC, PRODUCT, CRITICAL (D), CHRYSLER DEFINITION: A defect which is critical to part function and having particular quality, reliability, and durability significance. (QS-9000)
• CHARACTERISTIC, PRODUCT, MAJOR, CHRYSLER DEFINITION: A defect not critical to function, but which could materially reduce the expected performance of a product, unfavorably affect customer satisfaction, or reduce production efficiency. (QS-9000)
• CHARACTERISTIC, PRODUCT, MINOR, CHRYSLER DEFINITION: A defect, not classified as critical or major, which reflects a deterioration from established standards. (QS-9000)
• CHARACTERISTIC, PRODUCT, SAFETY/EMISSION/NOISE (S), CHRYSLER DEFINITION: A defect which will affect compliance with Chrysler Corporation and Government Vehicle Safety/Emission/Noise requirements. (QS-9000)
• CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION “Shield <S>: Specifications of a component, material, assembly or vehicle assembly operation which require special manufacturing control to assure compliance with Chrysler Corporation and government vehicle safety requirements. (QS-9000)
Characteristics III
• CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION: Specifications which require special manufacturing control to assure compliance with Chrysler or government vehicle safety requirements. (P50 PPAP)
• CHARACTERISTIC, SIGNIFICANT, CHRYSLER DEFINITION: Special characteristics selected by the supplier through knowledge of the product and process. (QS-9000)
• CHARACTERISTIC, SPECIAL: Product and process characteristics designated by the customer, including governmental regulatory and safety, and/or selected by the supplier through knowledge of the product and process. (P104 APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>: Specifications of a component, material, assembly or vehicle assembly operation which are designated by Chrysler as being critical to function and having particular quality, reliability and durability significance. (QS-9000)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>: Specific critical characteristics that are process driven (controlled) and therefore require SPC to measure process stability, capability, and control for the life of the part. (Appendix C QS-9000) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Pentagon” <P>: Limited to highlighting Critical characteristics on (Production) part drawings, tools and fixture, and tooling aid procedures where ongoing process control is not automatically mandated. (Appendix C QS-9000) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Shield” <S>: Engineering designated specifications or product requirements applicable to component material, assembly operation(s) which require special manufacturing control to assure compliance with governmental vehicle safety, emissions, noise, or theft prevention requirements. (Appendix C QS-9000) & (Appendix C APQP)
Characteristics IV
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Critical Characteristic” <Inverted Delta>: Those product requirements (Dimensions, Specifications, Tests) or process parameters which can affect compliance with government regulations or safe Vehicle/Product Function and which require specific producer, assembly, shipping or monitoring actions and inclusion on the Control Plan. (Appendix C QS-9000) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant Characteristic - SC” <None>: Those product, process, and test requirements that are important to customer satisfaction and for which quality planning actions shall be included in the Control Plan. (Appendix C QS-9000)
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant/Characteristic - S/C” <None>: Characteristics that are important to the customer and that must be included on the Control Plan. (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Fit/Function” <F/F>: Product characteristic for which reasonably anticipated variation is likely to significantly affect customer satisfaction with a product (other than S/C) such as its fits, function, mounting or appearance, or the ability to process or build the product. (Appendix C QS-9000) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S/C>: Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as: flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix C QS-9000)
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S>: Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as: flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix C APQP)
Characteristics V
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Standard” <None>: Product characteristic for which reasonably anticipated variation is unlikely to significantly affect a product’s safety, compliance with governmental regulations, fit/function. (Appendix C QS-9000) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, PROCESS (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A process characteristic for which variation must be controlled to some target value to ensure that variation in a special product characteristic is maintained to its target value during manufacturing and assembly. (P57 FMEA)
• CHARACTERISTIC, SPECIAL, PRODUCT: Core team compilation of important product characteristics from all sources. All Special Characteristics must be listed on the Control Plan. (6.3 #19 APQP)
• CHARACTERISTIC, SPECIAL, PRODUCT (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product. (P55 FMEA)
• CHARACTERISTIC, SPECIAL, TOOLING, CHRYSLER DEFINITION “Pentagon” <P>: Critical tooling symbol used to identify special characteristics of fixtures, gages, developmental parts, and initial product parts. (QS-9000)
• CONTROL ITEM PART, FORD DEFINITION: Product drawings/specifications containing Critical Characteristics. Ford Design and Quality Engineering approval is required for changes to Control Item FMEA’s and Control Plans. (QS-9000)
Critical Characteristics Matrix
What Is A Quality Management System?
• In the Words of the ISO Folks:
° “Both ISO 9000 and ISO 14000 are known as generic management system standards.”
° “Generic means that the same standards can be applied to any organization, large or small, whatever its product – including whether its ‘product’’ is actually a service – in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.”
• What this amounts to is the ISO 9001 requirements are what the ISO folks have determined to be ‘Best Practices’ in a business. The ISO folks comment that these are “…now available to small companies…”. I contend they always have been and, in fact, most of my smaller clients had well established systems which functioned quite well to begin with. It’s hard to say that their ISO registration process was particularly value added. As with the vast majority of companies, they were required by one or more customer(s) to register. Or the sales folks saw registration as a potential for increased sales (everyone’s doing it).
What is a QMS?
Are we talking about ISO 9001 or QS-9000 or what, here?
To start out, let’s discuss what you are planning to do. Throughout this document you will see ISO 9001 and QS-9000 cited. We are, at the bottom level, talking a System. With respect to ISO 9001 (and QS-9000 and TS 16949 for that matter) it is called a Quality Management System. With the ISO 9001:2000 release, page vi defines it in a diagram. Below is the version from the DIS. ISO 14001 requires an Environmental Management System.
ISO 9001:2000 QMS ‘Process Model’
ISO 9001:2000 QMS ‘Process Model’
One of the interesting parts of this system is Continuous Improvement of the Quality Management System is specified as the result. Not improvement of the product. One can argue if you improve you quality system the product should improve as well. However, this is just not always the case.
ISO 14001:1996 EMS ‘Process Model’
The below is from page vi of ISO 14001:1996.
Notice it is not drawn as a closed loop system as is the ISO 9001 system.
The ISO Standards
ISO 9000:2000 Quality management systems – Fundamentals and vocabulary
Establishes a starting point for understanding the standards and defines the fundamental terms and definitions used in the ISO 9000 family which you need to avoid misunderstandings in their use.
ISO 9001:2000 Quality management systems – Requirements
This is the requirement standard you use to assess your ability to meet customer and applicable regulatory requirements and thereby address customer satisfaction.
ISO 9004:2000 Quality management systems – Guidelines for performance improvements
This guideline standard provides guidance for continual improvement of your quality management system to benefit all parties through sustained customer satisfaction.
ISO 19011 Guidelines on Quality and/or Environmental Management Systems Auditing (currently under development)
Provides you with guidelines for verifying the system's ability to achieve defined quality objectives. You can use this standard internally or for auditing your suppliers.
ISO 10005:1995 Quality management – Guidelines for quality plans
Provides guidelines to assist in the preparation, review, acceptance and revision of quality plans.
ISO 10006:1997 Quality management – Guidelines to quality in project management
Guidelines to help you ensure the quality of both the project processes and the project products.
ISO 10007:1995 Quality management – Guidelines for configuration management
Guidelines to ensure that a complex product continues to function when components are changed individually.
Required Level II Flow Charts (Procedures)
4.2.3 Control of Documents
4.2.4 Control of Quality Records
8.2.2 Internal Audit
8.3 Control of Nonconformity
8.5.2 Corrective Action
8.5.3 Preventive Action
Some Other Expected Process Maps
° Product ID / Traceability ( 7.5.2)
° Customer Property (7.5.4)
° Preservation of Product (7.5.5)
° Validation of Processes (7.5.2)
° Process Measurement / Monitoring (8.2.3)
° Product Measurement / Monitoring (8.2.4)
° Analysis / Improvement (8.4, 8.5)
ISO 9001 Distilled - 4
4 Quality management Systems
° Systemic Requirements.
4.1 General Requirements
° Establish your quality system.
° Develop your quality management system.
° Identify the processes that make up your quality system.
° Describe your quality management processes.
° Implement your quality management system.
° Use quality system processes.
° Manage process performance.
° Improve your quality management system.
° Monitor process performance.
° Improve process performance.
ISO 9000 Distilled - 4.2
4.2 Documentation Requirements
° Document your quality system.
4.2.1 General
° Develop quality system documents.
• Develop documents to implement your quality system.
• Develop documents that reflect what your organization does.

4.2.2 Quality Manual
° Prepare a quality system manual.
• Define the scope of your quality system.
• Document your procedures.
• Describe how your processes interact.
ISO 9000 Distilled - 4.2.3
4.2.3 Control of Documents
° Approve documents before your distribute them.
° Provide the correct version of documents at points of use.
° Review and re-approve documents whenever you update them.
° Specify the current revision status of your documents.
° Monitor documents that come from external sources.
° Prevent the accidental use of obsolete documents.
° Preserve the usability of your quality documents.

4.2.4 Control of Records
° Use your records to prove that requirements have been met.
° Develop a procedure to control your records.
° Ensure that your records are useable.
ISO 9000 Distilled - 5
5 Management Responsibility
5.1 Management Commitment
° Support quality and promote the importance of quality.
° Promote the need to meet customer, regulatory, statutory requirements.
° Develop and support a quality management system.
• Formulate your organization's quality policy.
• Set your organization's quality objectives.
• Provide quality resources.
° Implement your quality management system
• Provide resources to implement your quality system.
• Encourage personnel to meet quality system requirements.
° Improve your quality management system
• Perform quality management reviews.
• Provide resources to improve the quality system.
ISO 9000 Distilled - 5.2
5.2 Customer Focus
° Satisfy your customers.
° Identify customer requirements.
Expect your organization to identify customer requirements.
° Meet your customers' requirements.
Expect your organization to meet customer requirements.
° Enhance customer satisfaction.
Expect your organization to enhance customer satisfaction.
ISO 9000 Distilled - 5.3
5.3 Quality Policy
° Define and establish your organization's quality policy.
• Ensure that it serves your organization's purpose.
• Ensure that it emphasizes the need to meet requirements.
• Ensure that it facilitates the development of quality objectives.
• Ensure that it makes a commitment to continuous improvement.
° Manage your organization's quality policy.
• Communicate your policy to your organization.
• Review your policy to ensure that it is still suitable.
ISO 9000 Distilled - 5.4
5.4 Planning
° Carry out quality planning.
5.4.1 Quality Objectives
° Formulate your quality objectives
• Ensure that objectives are set for functional areas.
• Ensure that objectives are set at organizational levels.
• Ensure that objectives facilitate product realization.
• Ensure that objectives support the quality policy.
• Ensure that objectives are measurable.
5.4.2 Quality Management System Planning
° Plan the development of your quality management system.
° Plan the implementation of your quality management system.
° Plan the improvement of your quality management system.
° Plan modifications of your quality management system.
ISO 9000 Distilled - 5.5
5.5 Responsibility, Authority and Communication
° Control your quality system.
5.5.1 Responsibility and Authority
° Clearly define responsibilities and authorities.
° Communicate responsibilities and authorities.

5.5.2 Management Representative
° Assign a Management Representative.
• Oversees your quality management system.
• Reports on the status of your quality management system.
• Supports the improvement of your quality management system.
ISO 9000 Distilled - 5.5.3
5.5.3 Internal Communication
° Support internal communications.
° Ensure
• Internal communication processes are established.
• Ensure that communication occurs throughout the organization.
5.6 Management Review
° Perform management reviews.

5.6.1 General
° Review quality management system.
° Evaluate
• The performance of your quality system.
• Evaluate whether your quality system should be improved.
ISO 9000 Distilled - 5.6.2
5.6.2 Review Input
Examine
• Management review inputs.
• Audit results.
• Product conformity data.
• Opportunities to improve.
• Feedback from customers.
• Process performance information.
• Corrective and preventive actions.
• Changes that might affect your system.
• Previous quality management reviews.
5.6.3 Review Output
Generate
• Management review outputs.
• Actions to improve your quality system.
• Actions to improve your products.
• Actions to address resource needs.
ISO 9000 Distilled - 6
6 Resource Management
6.1 Provision of Resources
Identify
• Quality resource requirements.
• Resources needed to support the quality system.
• Resources needed to improve customer satisfaction.
Provide
• Quality system resources.
• Resources needed to support the quality system.
• Resources needed to improve customer satisfaction.
6.2 Human Resources
° Provide quality personnel.
ISO 9000 Distilled - 6.2.1
6.2.1 General
° Use ‘competent’ personnel and Ensure:
• Your personnel have appropriate experience.
• Your personnel have appropriate education.
• Your personnel have appropriate training.
• Your personnel have appropriate skills.
6.2.2 Competence, Awareness and Training
° Define acceptable levels of competence.
° Identify training and awareness needs.
° Deliver training and awareness programs.
° Evaluate effectiveness of training and awareness.
° Maintain a record of competence.
ISO 9000 Distilled - 6.3
6.3 Infrastructure
° Provide an infrastructure for quality.
° Identify during planning:
• Infrastructure needs.
• Building needs.
• Workspace needs.
• Hardware needs.
• Software needs.
• Utility needs.
• Equipment needs.
• Support service needs.
ISO 9000 Distilled - 6.3
6.3 Infrastructure (continued - I)
° Provide Needed:
• Infrastructure
• Buildings
• Workspaces
• Hardware
• Software
• Utilities
• Equipment
• Support services
ISO 9000 Distilled - 6.3
6.3 Infrastructure (continued - II)
° Maintain your:
• Infrastructure
• Buildings
• Workspaces
• Hardware
• Software
• Utilities
• Equipment
• Support services
ISO 9000 Distilled - 6.4
6.4 Work Environment
° Provide a quality environment.
• Identify needed work environment factors needed to ensure products meet requirements.
• Manage needed work environment factors needed to ensure products meet requirements.
ISO 9000 Distilled - 7
7 Realization Requirements

7.1 Determination of Requirements Related to the Product
° Control realization planning.
° Plan product realization processes.
° Define product quality objectives and requirements.
° Identify your product realization needs and requirements.
° Develop product realization:
• Processes
• Documents
• Record keeping systems
° Methods to control quality during product realization.
ISO 9000 Distilled - 7.2
7.2 Customer Related Processes
° Control customer processes.

7.2.1 Identify customers' product requirements
° Identify Requirements that:
• Customers want you to meet
• Are dictated by the product's use
• Are imposed by external agencies
• Your organization wishes to meet

7.2.2 Review customers' product requirements
° Review requirements before you accept orders from customers.
° Maintain a record of your product requirement reviews.
° Control changes in product requirements.
ISO 9000 Distilled - 7.2.3
7.2.3 Customer Communication
° Communicate with your customers.
° Develop a process to control communications with customers.
° Implement your customer communications process.
7.3 Design and Development
° Control product development
7.3.1 Design and Development Planning
° Have a Design System (Planning).
° Define your product design and development stages.
° Clarify design and development responsibilities and authorities.
° Manage interactions between design and development groups.
° Update your design and development plans as changes occur.
ISO 9000 Distilled - 7.3.2
7.3.2 Design and Development Inputs
° Define design and development inputs.
• Specify product design and development inputs.
• Record product design and development input definitions.
• Review product design and development input definitions.

7.3.3 Design and Development Outputs
° Define and create product design and development outputs.
° Approve design and development outputs prior to release.
° Use design and development outputs to control product quality.
ISO 9000 Distilled - 7.3.4
7.3.4 Design and Development Review
° Perform and record results of product design and development reviews.
7.3.5 Design and Development Verification
° Perform and record results of design and development verifications.
7.3.6 Design and Development Validation
° Perform and record results of product design and development validations.
ISO 9000 Distilled - 7.3.7
7.3.7 Control of Design and Development Changes
° Identify and record results of changes in product design and development.
° Review and record results of changes in product design and development.
° Verify changes in product design and development.
° Validate changes in product design and development.
° Approve changes before they are implemented.
ISO 9000 Distilled - 7.4
7.4 Purchasing
° Control purchasing function with a system.
7.4.1 Purchasing Process
° Maintain control purchasing process.
• Ensure that purchased products meet requirements.
• Ensure that suppliers meet requirements.
7.4.2 Purchasing Information
° Document product purchases.
• Describe the products being purchased.
• Specify the requirements that must be met.
ISO 9000 Distilled - 7.4.3
7.4.3 Verification of Purchased Product
° Verify products you purchase.
• Verify purchased products at your own premises.
• Verify purchased products at suppliers' premises (when required).
ISO 9000 Distilled - 7.5
7.5 Production and Service Provision
° Control your operational activities.

7.5.1 Control of Production and Service Provision
° Control production and service:
• Processes
• Information
• Instructions
• Equipment
• Measurements
• Activities
ISO 9000 Distilled - 7.5.2
7.5.2 Validation of Processes for Production and Service Provision
° Validate production and services.
• Prove that:
° Special processes can produce planned outputs.
° Process personnel can produce planned results.
° Process equipment can produce planned results.
7.5.3 Identification and Traceability
° Identify and track your products (when appropriate).
• Establish the identity of your products (when appropriate).
• Maintain the identity of your products (when appropriate).
• Identify the status of your products (when appropriate).
• Record the identity of your products (when required).
ISO 9000 Distilled - 7.5.4
7.5.4 Customer Property
° Protect property supplied by customers.
• Identify property supplied to you by your customers.
• Verify property supplied to you by your customers.
• Safeguard property supplied to you by your customers.
7.5.5 Preservation of Product
° Preserve your products and components:
• During internal processing.
• During final delivery.
ISO 9000 Distilled - 7.6
7.6 Control of Monitoring and Measurement Devices
° Use devices to ensure that your products meet requirements.
° Identify monitoring and measuring needs.
° Identify the monitoring and measuring that should be done.
° Select monitoring and measuring devices that meet your monitoring and measuring needs.
° Calibrate monitoring and measuring devices.
• Perform calibrations.
• Record calibrations.
° Protect monitoring and measuring devices.
• Protect your devices from unauthorized adjustment.
• Protect your devices from damage or deterioration.
° Validate monitoring and measuring software.
• Validate monitoring and measuring software before you use it.
• Revalidate monitoring and measuring software when necessary.
ISO 9000 Distilled - 8
8 Measurement, Analysis and Improvement
8.1 General
° Plan your measurement processes.
• How measurement processes will be used to assure conformity.
• How measurement processes will be used to improve the system.
° Implement and perform measurement processes.
• Use measurement processes to demonstrate conformance.
• Use measurement processes to improve quality management system.
ISO 9000 Distilled - 8.2
8.2 Monitoring and Measurement
° Monitor and measure quality.
8.2.1 Customer Satisfaction
° Monitor and measure customer satisfaction.
• Identify ways to monitor and measure customer satisfaction.
• Monitor and measure customer satisfaction.
• Use customer satisfaction information.
ISO 9000 Distilled - 8.2.2
8.2.2 Internal Audit
° Plan and perform regular internal audits.
• Set up an internal audit program.
• Develop an internal audit procedure.
• Plan your internal audit projects.
• Perform regular internal audits.
° Solve problems discovered during audits.
° Verify that problems identified have been solved.
ISO 9000 Distilled - 8.2.3
8.2.3 Monitoring and Measurement of Processes
° Monitor and measure quality processes.
• Use suitable methods to monitor and measure your processes.
• Take action when your processes fail to achieve planned results.
8.2.4 Monitoring and Measurement of Product
° Monitor and measure product characteristics.
• Verify that product characteristics are being met.
• Keep a record of product monitoring and measuring activities.
ISO 9000 Distilled - 8.3
8.3 Control of Nonconforming Product
° Develop a procedure to control nonconforming products.
• Define how nonconforming products should be identified.
• Define how nonconforming products should be handled.
° Identify and control your nonconforming products.
• Eliminate / Correct product nonconformities.
• Prevent the delivery or use of nonconforming products.
• Avoid the inappropriate use of nonconforming products.
° Re-verify nonconforming products that were corrected.
• Prove that corrected products now meet requirements.
° Control nonconforming products after delivery or use.
• Control events when you deliver or use nonconforming products.
° Maintain records of nonconforming products.
• Describe your product nonconformities.
• Describe the actions taken to deal with nonconformities.
ISO 9000 Distilled - 8.4
8.4 Analysis of Data
° Analyze quality information. Define:
• Quality management information needs.
• Information you need to evaluate your quality system.
• Information you need to improve your quality system.
° Collect quality management system data.
• Monitor and measure the suitability of your quality system.
• Monitor and measure the effectiveness of your quality system.
° Provide quality management information:
• About your customers.
• About your suppliers.
• About your products.
• About your processes.
ISO 9000 Distilled - 8.5
8.5 Improvement
° Make quality improvements
8.5.1 Continual Improvement
° Improve quality management system
• Use your audits to generate improvements.
• Use your quality data to generate improvements.
• Use your quality policy to generate improvements.
• Use your quality objectives to generate improvements.
• Use your management reviews to generate improvements.
• Use your corrective actions to generate improvements.
• Use your preventive actions to generate improvements.
ISO 9000 Distilled - 8.5.2
8.5.2 Corrective Action
° Correct nonconformities.
• Review your nonconformities.
• Figure out what causes your nonconformities.
• Evaluate whether you need to take corrective action.
• Develop and take corrective actions to prevent recurrence when they are necessary.
• Record the results that your corrective actions achieve.
° Examine the effectiveness of your corrective actions.
ISO 9000 Distilled - 8.5.3
8.5.3 Preventive Action
° Prevent potential nonconformities.
• Detect potential nonconformities.
• Identify the causes of potential nonconformities.
• Study the effects of potential nonconformities.
• Evaluate whether you need to take preventive action.
• Develop and take preventive actions to eliminate causes.
• Record the results that your preventive actions achieve.
° Verify and document the effectiveness of your preventive actions.
Implementation
Implementing ISO 9001:2000
• Some of you will be implementing in small companies. Some of you will be implementing in very large companies. In this document there is a mix of information. Some is appropriate to larger companies and some is targeted to smaller companies. In general it should be obvious but the rule of thumb is the bigger the company the more complex the issues become. Multi-nationals are the most complex, as one would expect.
• While this presentation is aimed at ISO 9001, it applies to ISO 14001 and QS-9000 as well, for the most part. There are a number of additional issues associated with QS-9000, however in general the intent is the same in so far as the ISO 9001:1994 requirements basis. Implementing ISO 9001 vs. QS-9000 is no different. From sweeps to document mapping, you have to determine what you have, what you need and how you want to get to the finish line.
• Do not forget that implementing a QMS is a project.
The Fed Ex Registration
Food for thought… Discussion at: http://Elsmar.com/ubb/Forum2/HTML/000078.html
Subject: RE: ISO 9001 Certified Virtual Office
Just as a point of clarification, the Fed-Ex audit approach was an exception to the rule. You are correct in stating that registrars need to follow rules for multi-site sampling. In this unique case, the RAB did approve the unusual approach used by the registrar. The exception was approved due to the unique design of Fed-Ex's systems. It is unlikely that another organization will duplicate these systems. Therefore, we should not expect to see this unique audit approach used for other organizations.
Indeed it was a virtual audit because hundreds of field offices were audited without the auditor physically being there. My agreement of confidentiality does not allow me to share more with you. Unless you fully understand how the Fed-Ex systems is set up, it is difficult to see that conducting a virtual audit is possible. It remains a controversial certification because of the approach used and the fact that it has not yet been used at another organization.
A Consultant?
Basic Reasons To Consider A Consultant
• To help plan your project
° An efficient implementation begins with a solid plan, taking into account those things you need to work on, leaving out those things which are already in place, and developing an accurate estimate of how long each implementation phase should take.
• To help interpret the standard
° A consultant who understands the standard's requirements can prevent wasted time doing things the standard does not require, or doing things in a way that does not meet the standard. You do not want to have to undo any of your hard work.
• To allow you to benefit from experience
° Using a consultant allows you to begin work right away without having to learn things on your own, and without having to learn by your mistakes.
• To watch your timeline
° A consultant can work with your steering team and ISO point teams and make sure the work is done within the time allowed on the timeline.
Role of Consultant - Piano Teacher?
• ‘Full Service’
On-site full-time for the duration of the project. Various roles & Responsibilities.
• Visits - As Required
Track progress through interviews (meetings) and ‘internal audits’. Address interpretations issues. Help with systems design.
• Internet / Phone
Verify systems documents
Discuss interpretations and systems
Answer general questions
NOTES: Training can be applied to any of the above but is on-site.
Internet / Phone is always available
Deliverables
• Dependent Upon The Client’s Needs and Expectations
• Must Be Agreed To In Advance
• May Change During Project
• May Include:
Project Management
Systems Design
Systems Documentation
Training
Internal Auditing
Implementation Guarantees
• Some companies offer ‘guarantees’. Consider the details / requirements carefully.
• Typical Disclaimer Example
“ The ISO 9001 Network guarantees that your company will achieve ISO 9001, QS-9000, or ISO 14000 certification if you follow our program.” - From http://www.isonet.com/Gaurantee.htm (sic)
• The time it takes to implement a system is inversely proportional to the company’s involvement and prioritization. As involvement and/or priority increases, time decreases. Pretty much a ‘no brainer’.
Example Guarantee Program
8-Step Guaranteed Registration Plan
PIC has now designed a cost effective training and consulting package to help your organization achieve registration -- GUARANTEED!
Our philosophy is to assist your company in developing and applying the skills necessary to plan, implement and achieve registration.
Our 8-Step Guaranteed Registration Plan includes:
1. ISO/QS-9000 Introduction Seminar - Training
2. ISO/QS-9000 Awareness Sessions - Training
3. ISO/QS-9000 Needs Assessment - Consulting
4. ISO/QS-9000 Implementation/Documentation - Training
5. ISO/QS-9000 System Development, Consulting, Coaching, Training
6. Choosing a Registrar - Consulting
7. Part A: ISO/QS-9000 Internal Auditor Training
Part B: Internal Auditor Site Coaching - Training
8. Part A: Pre-Assessment Audit - Consulting
Part B: Registration Audit - Consulting
A Consultant? Some Last Thoughts...
1. Prepare a statement outlining the nature, scope and objectives of the assignment.
2. Circulate this written statement to the key people in your organization inviting them to comment by a specific date in terms of whether it defines the need accurately and whether the assignment should be tackled internally or external help sought.
3. Define the expertise you will need.
4. Invite the consultant for an interview.
5. Brief the staff who will be involved in the selection process.
6. Avoid organization jargon.
7. Ask the consultant to describe how the assignment will be approached.
8. Request references, in confidence, to provide real examples of previous assignments carried out and check with the referees how successfully the assignment was carried out. Do not buy on price alone.
9. Express the assignment you wish carried out in terms of the end results, i.e. outputs, that you want to achieve.
10. IF YOU PROCEED… Provide resources and executive commitment. There is no point in seeking consultancy help unless you have the will, the resources and the organization resolve to follow the advice you get.
Implementation - The Process
Implementation Strategies
• Compressed Project
Drop Dead Date
High Priority Project Management Approach
Intimate high level management involvement
Regular Scheduled Meetings
• Business As Usual
Low stress
Low Priority Project Management Approach
Slipping schedule not critical
Irregular Meetings
• Meandering
Slipping schedule not important
Low level management support / involvement
Irregular meetings
Project tends to ‘Fade Away’
Project Scope Considerations
• Single Location
Current company / facility status
Scope of registration
Training needs
Implementation strategy
Resource allotment
• Multiple Locations
Single or shared certificate
Degree of shared documentation
Degree of shared data / information systems
Network Capacity / Capability
NOTE: Single location considerations all apply to multiple location projects.
Implementation Commandments
• You cannot give someone a responsibility without publicly conferring authority to act.
• If top management doesn’t care, no one else will care.
• If planned meetings are not attended, ‘someone’ isn’t serious about their part in the project.
• Track the project publicly. Publicize status weekly or bi-weekly.
• Communication may not be everything, but it is the largest single stumbling block. No camps with walls.
• If people do not have enough time to begin with, they won’t have time for this.
Initial Basic Suggestions
• I suggest you make and use a ‘history’ binder.
• Make a list of your departmental ‘responsibilities’.
Think INPUTS and OUTPUTS
• Prioritize each into ‘Tiers’ or ‘Levels’ in accordance with the Document Pyramid herein. Categorization is approximate.
• Make a Plan or Schedule for each.
• Always ask, as the auditor will:
“ Does this affect the quality of our product(s)?”
‘ Standard’ General Registration Path
• Assess your situation (Pre-assessment)
Also called Gap Analysis
• Consultant?
• Define a plan with time line & begin
• Interview and choose registrar
• Documentation processes
• Manage transitional activities
• Registrar document review
• Registrar pre-assessment
• Corrective actions
• Registration audit
Implementation time frame: 3 months to 2 years
Top Level Project Flow
‘ Typical’ Detailed Implementation Steps Example
1 Determine Specific Requirement(s)
2 Define Time to Complete Requirement
3 Define Scope of Assessment
4 Project Set-Ups
5 Write Company Quality Systems Manual
6 Document Company Quality Policy
7 Define Documentation Systems
8 Document Master Numbering System
9 Establish Master Binders
10 Procedures History Binder
11 Project Master Binder
12 Review Status
13 Contact Registrar
14 Agree on Scope
15 Agree On Fees (Try to Bargain)
16 Agree On Audit Date(s)
17 Submit Required Documentation
18 Review Status
19 Awareness & Information Meetings - Hourly
20 ISO 9000 Awareness
21 Work Instructions & Documentation
22 Auditee Training
23 Awareness Reinforcement
24 Review Status
25 Tier 2 (Systems) Documentation
26 Gather Documentation Examples
27 Cross-Area Teams Define & Flow Chart Master Systems
28 Systemic Needs Analysis (Data From Walk-Thrus & Audits)
29 Determine & Integrate Additional Systems Requirements
30 Systems Procedural Documentation & Flow Chart Integration
Project Definition
Defining Responsibilities
Example Organizational Chart
Before you do anything else, be sure you have defined responsibilities from the top down. This is the typical method - An Organizational Chart.
Top Management
• ISO talks about 'Top Management'. Pundits talk about how ISO can only succeed if 'Top Management' is involved. Just who is Top Management?
• In your registration it will depend upon your company. I have argued that top management support is not always necessary for an implementation to succeed. In fact, often the 'real' top management of a company is hardly, if at all, involved. This is very common in sole proprietor situations. The owner, though involved in the business to some degree, essentially delegates all responsibility to a plant manager or other position. The owner often never even meets the registration auditors.
• You have to take a good look at your company structure to determine who, in your company or facility, will be the 'targets' (Top Management).
• See Clause_Interp_and_Upgrading.doc for details.
Responsibilities
Let's talk about Responsibilities
• There are a number of ways to look at defining responsibilities.
° Organizational Charts
• Smaller companies usually only require a single 'org chart'. I have seen some put it right in the front of their 'quality manual'.
• Many companies have numerous organizational charts from high level 'corporate masters' down to the level of each individual department. In larger companies, it should be noted, that these are typically in a state of flux. New 'positions' are made and others are eliminated. It is important for you to note that these are Controlled documents. A somewhat common failure mode is a loss of control or not defining who is responsible for the control of the organizational charts.
° Matrices
° Procedures
Other Responsibilities
• The following are matrices used to define responsibilities in another way. We have discussed org charts, procedures and such, but what about people knowing what they are responsible for knowing and following?
• Typically this is done during employee training. But - right now we're implementing. How do we know who is responsible for knowing about what and who is responsible for what systems.
• The following slides are from an old implementation, however they may serve to illustrate tracking a large implementation project.
An Example Area ‘Element Responsibility’ Chart
Department Specific Responsibility Tracking
Typical Failure Modes
• Can’t explain systems and/or documentation
• Lack of management involvement
• Personnel not following documentation
• Poor communication and/or training
• Lack of documentation
• No or inadequate document control
• Poor record keeping and systems
• More details at http://www.Elsmar.com/failure.html
Critical Success Factors
• Dedicated ‘Company Knowledgebase’
(Coordinator and/or Management Representative)
• Pre-assessment (document and interview)
• Involved, supportive top management
• Receptive culture
• Focus on business rather than functional areas
• Prioritize processes based on customer needs, anticipated benefits, and potential for success
United States - IRS Deduction Ruling
• IRS Revenue Ruling 2000-4
Implementation costs are tax deductible in the same year.
Registration costs and registration upkeep costs are tax deductible in the same year.
• Internal man hours
• Internal capital expenses
• Consultant fees
I have seen combined implementation / registrar costs as low as US$10,000 and as high as US$10+M.
A Plan - Think Project
Example Project Plan Snippet
Support of Upper Management?
On 2/7/01 12:31 PM in article jEfg6.51$t52.2005@bgtnsc05-news.ops. worldnet.att.net, WL at xxxx@worldnet.att.net wrote :
>> You could bet your house on the statement "never, ever has
>> there been an implementation of any quality system without
>> top management's full support".
>>
>> Many champions of change have tried, and been fired for their
>> insubordination.
Nonsense. Many implementations do, in fact, succeed without the 'full' support of top management. Change your statement to read "...without some support from top management..." and I'll agree. Also see the Project Kickoff slide herein.
A Management Committee
Most companies establish a management committee (Steering Committee) to ensure buy-in and to ensure communication. No one likes dictates and surprises in an implementation project.
Obviously if there are only 25 employees in your company a committee may not make sense. However, this does not reduce the necessity to appropriately (we must use common sense here) communicate with employees to ensure everyone has a chance to buy into the process, provide inputs and to respond to outputs.
Project Kickoff
Many companies schedule a Kickoff Meeting to establish the project as official. While it is typical for ‘upper management’ (the ‘top dog’) to play a mostly invisible part in the project, the ‘top dog’ should be at this meeting as well as other ‘upper’ and middle management folks. The ‘top dog’ should (must?) voice his/her total support for the project.
This is where top management personally pledges support for the project.
What Does This Mean To YOU?
• Check your local newspaper ‘Help Wanted’ advertisements.
• You will see ISO9000 Experience Preferred or ISO9000 Experience Required.
• No matter where you go in the world, working in an ISO 9000 environment is a Plus in employment.
Premise
• Old:
The other shift must have done that.
That’s not my job.
I’m manufacturing (or quality or whatever...)
They brought it to me that way.
• New:
Check incoming.
It is everyone’s job to Be Involved and to Care.
We’re all one company! It’s your job, too!
Communicate!
Discovery! The Sweeps!
• Open your eyes during this Discovery Period - there are things you can’t see.
• Ask yourself about what your jobs are and the details of each job.
• Self Inspection - Be aware of the output of your jobs. You are responsible.
• Be looking for improvements at all times.
• Remember that we are not here to blindly document everything.
Success Based Upon
• Communication - ensure your ‘borders’, talk to your neighbors.
• Communication - your business is a machine where many parts must ‘talk’ to each other.
• Communication - tell your neighbor your problems and listen to your neighbor’s problems.
Old and New
• Most of your audits up until now have been Product and Process audits by Customers.
• ISO9000 is a Systems audit which focuses on all systems and all products. A significant feature is a focus on process interactions.
Remember -- The Idea is NOT....
• To start a lot of new documentation. Scott Adams is wrong (Dilbert). Not everything, like handling (often), has to be documented. But - we must use common sense.
• To change the way you do things every day.
• To ‘Right Every Wrong’. Take the easy stuff and change it. Take the ‘Hard’ stuff - Identify it and make a Plan to address the issue
The Basics
Say What You Do
This means document your systems so you will consistently do the job the same way every time. We must make sure we have appropriate documentation. Use common sense!
Do What You Say
This is what the auditors want to see. Objective evidence that what you say you are doing in your documentation is what you are doing in practice.
Things to Know
• Know what documentation affects YOU!
You must know what documentation applies to your job. This should have been told to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
• You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
• You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
• Know what training you have had. If you do not know, ASK YOUR SUPERVISOR NOW! Don’t wait until the audit!
Organization and Friendliness
• Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
• Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Managers Should Think About...
• Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
What is your company policy on white-out?
• Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
• Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Last Things to Think About
• Employee Training - System in Process
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
• SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
• Work Areas
Are Work Areas Clean and Orderly?
• Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
A “War Room”
(Status and Tracking)
Discovery and Classification
Define Document Types
(Classifications)
More on Documentation
Interviewing A Registrar
Basics
• I want to remind you that choosing a registrar is like choosing a life partner. While it may not be ‘Until death do us part’, it is quite close.
• The intent herein is not for every question to be asked, but rather as a sort of check list to jog your thoughts with respect to YOUR company’s requirements.
Do remember that anything not discussed early is subject to interpretation later!
• Some important starters:
Who (e.g.: RAB) is the registrar approved by?
Will the registrar provide client names and references?
How many Man days and how many Auditors? (Registration vs Surveillance)
How do they conduct surveillance visits? Scheduled or unscheduled?
Note: There is some redundancy of questions within this presentation.
Inform & Discuss
• Plant Layout - Have a copy to give them for planning.
• Number of shifts and employees per shift - What shifts will be audited? What hours?
• Pre-assessment Audit? - If so, Scope. I prefer the preassessment to be limited to an in-house document and systems review (Quality Manual, all tier [level] 2’s and any related documentation). My concern is less ‘are the folks following documentation’ than ‘is the documentation and are the systems acceptable’ to the registrar. We can assure the folks are following documentation internally. Note: One company I spoke with charged for a Pre-assessment whether you had one or not. I was told that if they did not do a pre-assessment they would have to spend more time during the registration assessment.
NOTE: Documentation failure is the most common registration failure mode.
• DoD and other Sensitive Areas - Make sure everyone agrees on how they will address the ‘Secret’ / ‘Top Secret’ aspects of your company’s business. This will probably be a function of scope.
About The Auditors
• What are the registrar’s qualifications requirements for auditors? (for hiring or using an auditor) Are the auditors trained and certified under ISO 10011 (guidelines for auditing quality systems)?
• How many organizations has the typical auditor certified? (Audits per year)
• How many assessors does the registrar have?
• What is the turnover rate for assessors in the registrar’s company? If there is high turnover that will affect the consistency of the assessment service they provide.
• How are auditor substitutions handled?
• Does the company provide training for auditors and other personnel to keep them abreast of developments in their specific discipline? Are there training records? Frequency of training?
• Will he/she/they (auditor[s]) be available for an interview for your company to assess their suitability? (I doubt you will really want to do this, but many big companies do this.)
Questions & Thoughts 1
• What are your requirements as a registrar above and beyond ISO9001?
Request hard copy of their ‘Contract Requirements’
Ask if there are any requirements not on their ‘Contract Requirements’ listing.
• Are the registrar’s auditors direct hire full-time employees or are they contract?
• Will your company have the same Lead Auditor every audit (a Project Lead Auditor)?
NOTE: Most registrars ‘appoint’ a specific person as a project manager (project lead auditor or what ever the registrar calls it). Ask about how the registrar you are interviewing structures their projects.
• Will the registrar send the Project Lead Auditor on each audit or will a substitute be assigned for surveillance audits?
• Will only the Lead Auditor have experience in the industry or will every member of the audit team?
Questions & Thoughts 2
• How far in advance do they notify you of an impending audit, and provide you with an audit schedule. This will help you prepare for the audit easily if they provide at least 6 weeks.
• How many hours per day is planned during an audit? Some companies consider a day in-plant as 6 hours saying the other time is ‘report writing’ time.
• Ask the registrar to explain the details of their billing.
• Are there any extra charges and tie this down in a written quote. Are travel and lodging expenses covered by the bid? Rental car(s)? There are stories of some companies charging extra for each non-conformance report.
• What quality system does the registrar have in place? Request a copy of their Quality Manual.
• Will they provide you with their internal audit schedule and results of audits and corrective and preventative action?
Questions & Thoughts 3
• How long will it take them to issue you a certificate once they have recommended you for approval?
• How long has the registrar been in business, and do they have any European or Far East affiliates in the registration business?
• If you will one day be going for ISO14000, does the registrar support this standard as well, and would they be able to combine (thereby reducing the man-days at your site, and $s) the ISO9000 audit with the 14000 audit?
• Who does documentation assessment and who does the audit? What is their experience / qualifications?
The Audits
• How many Man Days?
Registration Audit
Surveillance Audits
• How many weeks in advance do they provide the detailed audit schedule?
• Is there a ‘Complete’ re-audit every three years? Or do they audit on a ‘continuous’ basis?
• Surveillance Audits
Frequency - Every 6 months or yearly? (Ask their thoughts)
How much is audited in each surveillance audit?
Communications
• I want to address this briefly, but note it is very important. One registrar I dealt with took over a month to respond to questions. A week maximum is appropriate. I’ve seen phone calls to be returned forgotten. This area can be critical to your company. You want a responsive registrar.
How long does it take their office to respond to questions (typically)?
If it becomes necessary to speak with the Project Lead Auditor, how is that done and how soon after the request will the Project Lead Auditor contact your company?
Specification Interpretations
One of the biggest complaints with ISO9001 is interpretation of the standard. Each auditor has his/her own paradigm and thus expectations. This is one of the reasons why having the same auditors is preferred. This is also the reason why I prefer the pre-assessment be limited to an on-site document review where the auditors set up in offices or a conference room. There they review the Quality Manual against the level 2’s in interviews. Level 3 documents are reviewed and objective evidence provided as requested - however, this is all done in the conference room, NOT on the floor. In short - Are our systems acceptable.
This type of audit is a Verification Audit as opposed to a Validation Audit which is where they actually hit the floor. Now - the 2 big questions:
1) How are disputes with an audit finding handled? Ask them to explain their system. (Request a copy of their procedure!)
2) How does the registrar ensure consistency of interpretations within their company? Some companies have weekly in-house meetings, some have conference calls, some do nothing. THIS IS IMPORTANT!!!
What’s In A Contract Anyway?
• When you get a copy of the registrar's contract, read every word and try to imagine the worst possible scenario. Some time back when I was casting about for a registrar, one sent me a contract which stated the following for audit costs:
• XXXXXX "reserves the right to increase charges during the certification period".
• Another said: "...approximately 45 days prior to the anniversary date of certificate issuance, XXXXXX shall notify the client in writing of the annual costs to maintain the certificate."
• These appear to me to be licenses to steal. It would seem prudent to get these things tied down in your initial contract.
• Remember: Contract Review!
Audit Nonconformance Questions
• How shall we be notified of non-conformancies or deficiencies?
• What is the typical response time allowed for initial response to a nonconformance identified during an audit:
Major nonconformance
Minor nonconformance
• Will a nonconformance during the initial assessment require a partial or follow up assessment to verify corrective action? If yes, what shall the cost of follow up audits be?
NOTE: Typically if there are 1 or more MAJOR non-conformances, they have to make a return visit. Minors are typically followed up by mail, FAX, etc.
• Can we be recommended for certification if there are still some minor open non-conformances? Determine details.
• How many months of internal audit records do you require before scheduling an audit?
Project Actions
Sweeps - The Discovery Phase
Sweeps
Where to Start - Documentation
Discovery Inventory
Identification
• Choose a method of verifying a swept area.
• One method I have used it to obtain some sheets of adhesive labels (we used the small coloured dots). You might want to make sure they are ‘easy peel’ labels. Label every drawer, shelf and other area swept ‘as you go’. Person checking initials, dates and places the dot where it is easily seen.
Sweeping An Area - I
Things to look for:
Documents
• Local “How To…” documents
• Specifications
• Prints
Forms, Tags
Measurement and Test Equipment
Where to look:
On every shelf
In every drawer
At every work station
On every wall
Under every table, desk, etc.
Sweeping An Area - II
Things to ask yourself as you look:
Documents
• Is there a date on the document?
• Does it appear to be ‘valid’ (current)?
• If it is a hand written document or a company ‘memo’, is there a name or department on it? Whose is it?
• Is it a system document? What system?
Shelves
• What is on the shelf? Is it garbage?
• Is the shelf labeled? Are some shelves labeled and some not labeled? If so, why?
• If the shelf is labeled, does what is on the shelf match the shelf label?
Some Things To Think About...
Work Instructions
• Does Your Job Have Relevant Work Instructions? Does It Need Work Instructions?
• Are Work Instructions Controlled?
• Is Each Signed & Dated?
• Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
• Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
• If So, Are They Signed and Dated?
Measurement & Test Equipment
• Is All Measurement and Test Equipment Calibrated and properly Labeled?
Equipment Preventive Maintenance
• Are All Equipment PMs Up To Date and to a Schedule?
More(!) Things to Think About
Defective Material
º Is Defective Material Identified and Segregated? How?
º Is A Defective Material ‘HOLD’ Area Identified?
Work Areas
º Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
º Is Each Properly Labeled (Identified)?
º Are They Where They Are Supposed To Be?
Employee Training
º Do You Know the Training Requirements Of Your Job Position?
º Is Each Employee Trained? How do we know?
º Where Are Training Records Kept?
º Are Training Records Up To Date?
Organization and Friendliness
• Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
Is there anything like glue or ink which has an expiration date?
• Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Discovery Phase (Sweeps) Check List
Discovery Phase Check List
Documentation - The Details
Why the Stress on Documentation?
• The majority of failures in both QS and ISO 9000 registration efforts has been, and continues to be, 4.2 Documentation Requirements (QS element 4.5).
• This issue is almost always evident from my first visit and I believe we all know this is typically a deep problem.
• Discontinuity is often discovered in the documentation. Even Quality Manuals are shown to have invalid links.
• Auditors will focus on the continuity and flow of documentation. Inconsistencies can keep the facility from passing the registration audit.
What is Documentation?
• Documentation is much talked about. There are different types. At Motorola, for example, there are corporate 12M’s. Sectors each have SOPs and maintains a Quality Systems Manual. Each facility has their own specific documentation (which must correlate with Sector and corporate documentation. There is also process documentation in the manufacturing areas.
• Everyone uses documentation outside of work. If you buy something (like a clock), there are instructions in the box. That is documentation.
• Think of documentation as instructions. Documentation explains how to do things.
• The auditor’s job is to make sure everyone is ‘Following Instructions’.
An Everyday Work Instruction
This is the ‘Work Instruction’ which comes with an aquarium heater. It gives the user some basic information. Note that there are graphics (several in multiple languages) in addition to the basic text. There is also a ‘selection’ guide for the purchaser.
What is Controlled Documentation?
• A controlled document is typically one that is Revision sensitive - BUT - Not always!!
• If a controlled document is changed, a record of the change has to be made. This means we must have a History of All Changes.
• If a document is changed, people who use it must know about the change. This means there has to be a distribution list or other effective way to let everyone who uses it know the document has changed.
• Every employee must know how to check to see if documentation they are using is the most current version.
‘ Standard’ Documentation Pyramid
Documentation
• Organization Charts
• Procedures
• Forms
• Tags
• Prints
• Specifications
• Statistical Data
• Inspection & Test Results
Myths vs. Truths
• Documentation Is Meant To Be Easily Changed
• The Less Documentation, The Better
Basic Rules
• Your Job & Documentation
SAY What You Do
Documentation
DO What You Say You Do
Actions
• If It’s Not WRITTEN Down, It DIDN’T Happen
Quality Records
What Are Quality Records?
• Any record where data is taken where the data is a result of inspection and/or test
• Any record which provides for traceability
• Nonconformance related documents
The bottom line here is we have to review our documents in a general sense and identify those which relate to quality issues
Typical Types of Records
• Management Review Records
• Contract Review Records
• Purchasing (Purchase Orders)
• Identification and Traceability
• Process Control
• Inspection and Test Reports and Records
° Qualification Reports
° Validation Reports
° Material Review Reports
• Control of Measurement and Test Equipment
° Calibration Reports/Data
• Non-conforming Product
° Disposition Records
• Corrective and Preventive Action
• Internal Quality Audits
• Training Records
Records Management Activities
• Management of Active records
• Records creation (forms)
• Design of records system
° Retention schedule
° Vital records protection
• Development of records procedures
° Indexing
° Filing
° Access
° Disposition
Records Required By ISO 9001:2000
5.6.1 Management review minutes / etc.
6.2.2 (e) Education, training, skills and experience.
7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
7.3.2 Design and development inputs.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.3.7 Results of the review of design and development changes and any necessary actions.
7.4.1 Results of supplier evaluations and actions arising from the evaluations.
7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
7.5.3 The unique identification of the product, where traceability is a requirement.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results.
8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
8.5.2 Results of corrective actions.
8.5.3 Results of preventive actions.
Document Mapping
Document Mapping
• In a structured system, there are ‘levels’ of documentation. In general terms we have the description of documentation in levels or tiers. As we learned earlier there are typically 4 tiers of documentation in an organization (excluding Ad Hoc documents).
• The top tiers normally guide the content and focus of the bottom tiers. In short, each successive lower tier is DEPENDENT upon the upper tier which defines it. This is said to be a ‘Flow Down’ of requirements.
• Higher level documents normally cite lower level documents. These citations are important as they form a ‘trail’ which can be followed. The top level documents tend to be general and to some extent vague while the lower level documents provide increasing detail.
• Sometimes the reverse also happens - lower level documents cite higher level documents internally. There is controversy as to whether this is ‘good’ practice. In my opinion, requirements should Never flow up.
• Document mapping is more important now than ever as mature companies shift towards interdisciplinary (cross-functional) communication and operation. The old way was for departments to ‘pass off’ to another department. The new way causes everyone to be involved. In short, the rise of the importance of Teams requires documentation to be more integrated and consistent - and thus the need for control is greater. This is also the reason for the ‘review’ requirement.
Mapping Aspects
• Mapping starts at the top with the QA Systems Manual. This may be a sector manual or it may be a local manual.
• Validation - When you map documents, you ‘verify’ links between documents (where one document cites another within it). The first thing to verify is that the cited document exists.
• A second aspect of mapping is to verify that the content of the citation is relative. This is to say that the links should ‘make sense’. If a citation in one document says something like “The audit will be performed in accordance with procedure ABC-1234” and procedure ABC-1234 is titled ‘Calibration of Pressure Gages’, it is evident that the link is NOT Valid! It does not make sense!
• After verifying that the linked document both exists and that the links are ‘relative’ and make sense, the document is mapped to the matrix relative to the mapping project. In our case the matrix is QS 9000 line items against the document ‘class’.
Document Tiers & Classes
• It is uncommon to find ‘Pure’ documents. That is to say, it is not very often you find a document which one can clearly define as ‘only’ Tier I or Tier II or Tier III. In almost all cases there is some cross over. A good example is a Tier III document which becomes a Tier IV document. In this case we have a document which is a Tier III Procedure with some places which which will eventually be filled with data - which will then make it a Record (Tier IV).
• The idea of a defined border and thus a pure document is fine, but is seldom actually seen. Normally the closest you will come is with the Quality Systems Manual. A QSM will normally be the ‘purest’ document you will find within any given system.
• Purity is to some degree a function of company size. A company with only 20 to 50 employees with simple processes will generally have little need for ‘pure’ structure. The necessity of structure in very large companies necessitates a more defined documentation structure in large part due to necessary overall complexity.
• Also consider the idea of document classes. Classes may include production documents, engineering documents, Human Resources documents, maintenance documents, etc. From this we should understand there are usually several classes of documents in any given tier.
• Document classes are related to document tiers. In most companies there are multiple document ‘classes’. These classes are always Tier II or lower.
High Level Documentation Structure
Local Documentation Tiers
Typical Documentation Tiers
Flow Up vs Flow Down
• Not all documents have flow down requirements.
• Flow downs are normal.
• Flow downs generally reference lower level documents, but references are not mandatory.
• Flow Ups MUST *NEVER* be found.
Documentation Compliance Considerations
Mapping - Two Aspects
Line Item Matrix Mapping
Determination of Required Documents
• Once you have completed mapping your documents, you want to revisit your requirements matrix. You have gone through an initial Gap Analysis where a determination was made as to what systems exist and which ones do not. Typically the Gap Analysis gives you an idea of what Level II documents and systems are required. At this point we want to look at what Level IIIs and Level IVs exist.
Summary
Mapping internal documents is:
• Verify internal reference documents exist and that the names and numbers ‘make sense’
• Verify that the link subject matter makes sense and that requirements flow down
• Find where the document fits in the ISO 9001 line item matrix
• Examine matrix for redundancy
Process Mapping
Why Process Maps?
Typical Top Level Operations Flowchart
Business As A System (Process)
Use a Process Flow Chart!
Because:
• You want to understand your current process
• You are looking for opportunities to improve
• You want to illustrate a potential solution
• You have improved a process and want to document the new process
Creating a Process Flow Chart
1. Identify the process or task you want to analyze. Defining the scope of the process is important because it will keep the improvement effort from becoming unmanageable.
2. Ask the people most familiar with the process to help construct the chart.
3. Agree on the starting point and ending point. Defining the scope of the process to be charted is very important, otherwise the task can become unwieldy.
4. Agree on the level of detail you will use. It’s better to start out with less detail, increasing the detail only as needed to accomplish your purpose.
Creating a Process Flow Chart
5. Look for areas for improvement
• Is the process standardized, or are the people doing the work in different ways?
• Are steps repeated or out of sequence?
• Are there steps that do not ad value to the output?
• Are there steps where errors occur frequently?
• Are there rework loops?
6. Identify the sequence and the steps taken to carry out the process.
7. Construct the process flow chart either from left to right or from top to bottom, using the standard symbols and connecting the steps with arrows.
8. Analyze the results.
• Where are the rework loops?
• Are there process steps that don’t add value to the output?
• Where are the differences between the current and the desired situation?
Early Process Flow Diagram
Flowchart
Benefits of Using Flowcharts
• Promotes understanding of a process
• Identifies problem areas and opportunities for process improvement
• Provides a way of training employees
• Depicts customer-supplier relationships
Symbols Used In Flowcharts
Basic Flow Chart Example - High Level
Basic Flow Chart Example - High Level
Flow Chart Example - Low Level
Process Map Elements
Process Map Elements
Process Map Elements
7 Steps to Process Mapping
Process Mapping Worksheets
Process Mapping Steps 1 and 2
Process Mapping Step 3
Process Mapping Step 4
Process Mapping Step 4
Job Descriptions
• At this time you should be looking at what job descriptions you have and determining what job descriptions you need.
• Please don’t forget job descriptions!
Process Mapping Step 4
Process Mapping Step 5
Process Mapping Step 6
Internal Audits
Internal Audits
• You must complete at least 1 full round of internal audits prior to your registration. In addition, you have to show at least one example of where a nonconformance was identified and corrected. You must also show where you verified the effectiveness of the corrective action.
• Drive your implementation through Internal Audits.
• You can use internal audits as a method of training departmental managers and others. As you go through the audit, you explain the basics of that person’s responsibilities with respect to ISO 9001. You can also explain the basics of ISO 9001, go over the Quality Policy, etc.
• These internal audits may prove to be long and problematic. This should be expected because employees are all learning about ISO 9001 and the requirements. Sometimes they’re learning new systems and such as well.
• You may want to take a read through http://Elsmar.com/Audit/
The Internal Audit
The Systematic Investigation
of the Intent, Implementation, and Effectiveness
of Selected Aspects of the Systems
of an Organization
or One or More of It’s Departments
A Typical Audit Process
Internal Audit Goal
To Collect
Objective Evidence
To Permit An
Informed Judgment
About The
Status and Effectiveness
Of The Systems Audited
Objective Evidence
• It exists
• Not influenced by emotion or prejudice
• Based on observation
• Verbal or documented
• Verifiable
• May be quantitative
• Within the systems being audited
Many Requirements
QS/ISO 9001
Contract Requirements
Company System Requirements
(Policy, Procedures, Instructions)
OSHA
EPA
Federal and State Regulatory
Internal Audits
Schedule Example
Outsourcing Internal Audits
• Many smaller companies outsource internal audits.
• Many large companies have a distinct department which carries out internal audits at facilities world-wide.
• There are a number of possible failure modes in internal auditing. You will have to make your own decision. My opinion is to outsource internal audits.
• Details are discussed in two threads:
° http://Elsmar.com/ubb/Forum13/HTML/000041.html
° http://Elsmar.com/ubb/Forum2/HTML/000123.html
Project Fulfillment
Enter The Registrar
The Registrar’s Document Review
• Prior to a pre-assessment, your registrar will want to review your documentation. Typically, they want your Systems Manual (Quality Manual) and a copy of your level II documents. However, some registrars only require your quality manual. ASK them specifically what they want submitted for review.
• You should not let the registrar wait to ‘the last minute’ do a document review. I often see this done. The client gets the review back at or just prior to the pre-assessment. Folks, this does not allow you any time to deal with any problems if any are encountered during the review. Try to get your review done 6 weeks or more prior to pre-assessment.
Pre-Assessment Audit
• Some registrars require a pre-assessment. Some do not.
• A pre-assessment is a valuable tool. Your relationship with your registrar is going to be an intimate one. Interpretation of the requirements with respect to your company and ‘the intent’ is a big factor in a registration. During this visit you will ‘get to know’ your registrar.
• The man-days for the pre-assessment are typically about 1/3 or less than for the registration audit.
• The pre-assessment is, like the registration audit, a sample. Everything will not be looked at.
Assessment Audit
• This is the fun audit! This is where everyone is fair game. Not much else I can say.
• This is, like all audits, a sample. But it is a big sample. They look at a representative sample of each system.
• The following slides tell you what to expect.
Reasons For Third Party Audits
• Everyone is familiar with the idea of audits. One place we are all aware of audits is in the banking industry. For years, the government has required banks to submit to periodic audits by government agencies and/or external companies who specialize in auditing. Few people want to put the