The Elsmar Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Elsmar Cove Discussion Forums Main Page



Implementing A "Quality" Management System
E.g.: ISO 9001

Originally, this material was written in 1997 - Things have not really changed very much.


Click here to start


Table of Contents

Understanding and Implementing - An ISO 9001 or Related - QMS - ("Quality" Management System)

Implementing An ISO 9001 "Quality" Management System

An Open Source Document

Files Included in this Package

About This Document - Contents

Sample Flow Charts

Introduction

Implementation Considerations

Quality Systems

ISO 9000 Family of Documents

ISO9001 DIS Structure

ISO 9001 Vs Baldrige

Malcolm Baldrige National Quality Award Criteria Circa 4/2001

ISO 9001

Where Did It Come From?

Liability

Origins

ISO 9001 and Quality

The Main ISO 900x Documents

The Stated Intent of ISO 9001

Differences In Sectors

Service As A Product

Why Do It?

Why Do It?

Project Duration

Simple Schedule

Typical Costs

Payback

Who’s Doing It & General Issues

A Quality Management System?

System vs. Process

What is a System?

Trade Relationships

The Organization as a System, Subsystems, and Processes

Systems and Subsystems

Organization As An Extended System

Organization As An Extended System

Extending Outside the Organization

An Extended System

Measures In The Extended System

Quality Through Process Improvement

What is a Process?

Examples of Processes

Significant and Critical Processes

Special Characteristics

Characteristics I

Characteristics II

Characteristics III

Characteristics IV

Characteristics V

Critical Characteristics Matrix

What Is A Quality Management System?

What is a QMS?

ISO 9001 QMS ‘Process Model’

ISO 9001 QMS ‘Process Model’

ISO 14001:1996 EMS ‘Process Model’

The ISO Standards

Required Level II Flow Charts (Procedures)

Some Other Expected Process Maps

ISO 9001 Basics - 4 - General

ISO 9001 Basics - 4.2 - Documentation Requirements

ISO 9001 Basics - 4.2.3 - Control of Documents

ISO 9001 Basics - 5 - Management Responsibility

ISO 9001 Basics - 5.2 - Customer Focus

ISO 9001 Basics - 5.3 - Quality Policy

ISO 9001 Basics - 5.4 - Planning

ISO 9001 Basics - 5.5 - Responsibility, Authority and Communication

ISO 9001 Basics - 5.5.3 - Internal Communication

ISO 9001 Basics - 5.6.2 - Management Review Inputs

ISO 9001 Basics - 6 - Resource Management

ISO 9001 Basics - 6.2.1 - General (Human Resources)

ISO 9001 Basics - 6.3 - Infrastructure

ISO 9001 Basics - 6.3 - More Infrastructure

ISO 9001 Basics - 6.3 - Yet more Infrastructure

ISO 9001 Basics - 6.4 - Work Environment

ISO 9001 Basics - 7 - Product Realization

ISO 9001 Basics - 7.2 - Customer Related Processes

ISO 9001 Basics - 7.2.3 - Customer Communication

ISO 9001 Basics - 7.3.2 - Design and Development Inputs

ISO 9001 Basics - 7.3.4 - Design and Development Reviews

ISO 9001 Basics - 7.3.7 - Design and Development Changes

ISO 9001 Basics - 7.4 - Purchasing

ISO 9001 Basics - 7.4.3 - Verification of Purchased Products

ISO 9001 Basics - 7.5 - Production and Service Provision

ISO 9001 Basics - 7.5.2 - Validation of Processes for Production and Service Provision

ISO 9001 Basics - 7.5.4 - Customer Property

ISO 9001 Basics - 7.6 - Control of Monitoring and Measuring Devices

ISO 9001 Basics - 8 - Measurement, Analysis And Improvement

ISO 9001 Basics - 8.2 - Monitoring and Measurement

ISO 9001 Basics - 8.2.2 - Internal Audit

ISO 9001 Basics - 8.2.3 - Monitoring and Measurement of Processes

ISO 9001 Basics - 8.3 - Control of Nonconforming Product

ISO 9001 Basics - 8.4 - Analysis of Data

ISO 9001 Basics - 8.5 - Improvement (Continual Improvement)

ISO 9001 Basics - 8.5.2 - Corrective Action

ISO 9001 Basics - 8.5.3 - Preventive Action

Implementation

Implementing ISO 9001

The Fed Ex Registration

A Consultant?

Basic Reasons To Consider A Consultant

Role of Consultant - Piano Teacher?

Deliverables

Implementation Guarantees

Example Guarantee Program

A Consultant? Some Last Thoughts...

Implementation - The Process

Implementation Strategies

Project Scope Considerations

Implementation Commandments

Initial Basic Suggestions

‘Standard’ General Registration Path

Top Level Project Flow

‘Typical’ Detailed Implementation Steps Example

Project Definition

Defining Responsibilities

Example Organizational Chart

Top Management

Responsibilities

Other Responsibilities

An Example Area ‘Element Responsibility’ Chart

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Department Specific Responsibility Tracking

Typical Failure Modes

Critical Success Factors

United States - IRS Deduction Ruling

A Plan - Think Project

Example Project Plan Snippet

Support of Upper Management?

A Management Committee

Project Kickoff

What Does This Mean To YOU?

Premise

Discovery! The Sweeps!

Success Based Upon

Old and New

Remember -- The Idea is NOT....

The Basics

Things to Know

Organization and Friendliness

Managers Should Think About...

Last Things to Think About

A “War Room” - (Status and Tracking)

Discovery and Classification

Define Document Types - (Classifications)

More on Documentation

Interviewing A Registrar

Basics

Inform & Discuss

About The Auditors

Questions & Thoughts 1

Questions & Thoughts 2

Questions & Thoughts 3

The Audits

Communications

Specification Interpretations

What’s In A Contract Anyway?

Audit Nonconformance Questions

Project Actions

Sweeps - The Discovery Phase

Sweeps

Where to Start - Documentation

Identification

Sweeping An Area - I

Sweeping An Area - II

Some Things To Think About...

More(!) Things to Think About

Organization and Friendliness

Discovery Phase (Sweeps) Check List

Discovery Phase Check List

Documentation - The Details

Why the Stress on Documentation?

What is Documentation?

An Everyday Work Instruction

What is Controlled Documentation?

‘Standard’ Documentation Pyramid

Documentation

Myths vs. Truths

Basic Rules

Quality Records

What Are Quality Records?

Typical Types of Records

Records Management Activities

Records Required By ISO 9001

Document Mapping

Document Mapping

Mapping Aspects

Document Tiers & Classes

High Level Documentation Structure

Local Documentation Tiers

Typical Documentation Tiers

Flow Up vs Flow Down

Documentation Compliance Considerations

Mapping - Two Aspects

Line Item Matrix Mapping

Determination of Required Documents

Summary

Process Mapping

Why Process Maps?

Typical Top Level Operations Flowchart

Business As A System (Process)

Use a Process Flow Chart!

Creating a Process Flow Chart

Creating a Process Flow Chart

Early Process Flow Diagram

Flowchart

Symbols Used In Flowcharts

Basic Flow Chart Example - High Level

Basic Flow Chart Example - High Level

Flow Chart Example - Low Level

Process Map Elements

Process Map Elements

Process Map Elements

7 Steps to Process Mapping

Process Mapping Worksheets

Process Mapping Steps 1 and 2

Process Mapping Step 3

Process Mapping Step 4

Process Mapping Step 4

Job Descriptions

Process Mapping Step 4

Process Mapping Step 5

Process Mapping Step 6

Internal Audits

Internal Audits

The Internal Audit

A Typical Audit Process

Internal Audit Goal

Objective Evidence

Many Requirements

Internal Audits

Schedule Example

Outsourcing Internal Audits

Project Fulfillment

Enter The Registrar

The Registrar’s Document Review

Pre-Assessment Audit

Assessment Audit

Reasons For Third Party Audits

Reasons For Third Party Audits 2

What is an Auditor?

Auditors Are Not!!!

What Will The Auditors Do?

Who Will Be Audited?

The Audit Team

Types of Audits

What Will Happen If...

Things to Know

Things to Do

Things NOT to Do

General Things To Know and Do

Typical Audit Questions to Expect

Supervisors Should Think About...

Last Things to Think About

QS-9000 (now IATF 16949) / ISO 9001 Reminders

Real Life

Good Luck!

Home Page: Elsmar.com

Editable Powerpoint file available. Free!

NOTE: ISO 9001:2000 was reissued as ISO 9001:2008, however there were no significant changes in the 2008 version. The 2015 version of iSO 9001 is also essentially the same with the notable "addiition" of Risk Based Thinking. That said, you must have a copy of the standard, whether ISO 9001 or other QMS standard, and you must understand not only the requirements, but how to answer auditor questions with regard to every sentence in the applicable standard.

Implementation Considerations
• You are not the first. Over 345,000 organizations had registered to ISO 9001 by early 2001. Now, in 2016, it is close to impossible to say how many companies have registered to ISO 9001. There simply is no reliable, accurate way to count them all. There is no central authority that keeps count. The ISO folks put out a survey (which they charge for) but it too is a "best guess".
• A main point to remember as you traverse this presentation is that each company is different. There is no way I can address every possible type and size of company. The contents represent the basis of a methodology I have used over the last 8 years in implementing ISO 9001 and QS-9000 (now IATF 16949) (now TS 16949) in facilities as large as 20,000 souls, as small as 8 persons, in companies as large and complex as Motorola, as ‘unusual’ as Harley-Davidson, and as unique as an insurance company and an elevator cab manufacturing company. The methodology is structured. How closely you follow the path will depend upon your specific circumstances and needs as well as your own beliefs. Some companies go slowly. Some companies do not want a complex project plan. Some companies insist on a complex project plan.
• As much as anything else, you will have to assess recommendations with consideration to your circumstances.

An effective management system goes beyond contemporary fundamentals applying basic quality techniques, methods and principles. It does benefit the management fundamental base of operations by assuring that the necessary elements for competitiveness within a "Knowledge Based Global E-conomy" and entices reduction of hazards and risks.

The ISO 9000 series includes ISO 9000, ISO 9004 and the specification requirement ISO 9001. ISO 9001 allows the exclusion(s) of clauses of section 7 (clauses 7.0 through 7.6). On the basis of ISO 9000:2000 requirement standards series leads to development of other schemes specifically addressing industry sectors (or industry specifics), namely ISO 9000 variations or variants.
* ISO 9000-3 (basis for Tick-IT),
* AS9100 for Aerospace / Aviation,
* ISO 13485 (compatible with FDA cGMP QSR 21 CFR Part 820) for medical devices,
* TL 9000 for telecommunications,
* HACCP into ISO 9001 (food sector) - ISO 9001 HACCP (ISO 22000),
* ISO/TS 16949 (harmonizing automotive sector standards),
* ISO 17025 for laboratories, and
* others (ISO/IEC 17799, EN 13816...)

Understanding and Implementing
ISO 9001
Implementing An ISO 9001 Quality Management System
An Open Source Document
This document is an Open Source document!
Huh?
• This means it is the result of the input of may people and resources.
• This means YOU can and may participate. If you want something included or have a suggestion, please let me know. You can send some slides in e-mail. Or write me and tell me about what has not been addressed but that you believe should be addressed. If your suggestion is incorporated into the document you will be given credit in the document. You will get updates for free as long as the file is undergoing updates (rumour is I may die someday or decide to do something else with my life so I can’t really use the word forever).
• I will accept and incorporate good ‘patches’ and constructive criticism.
• Telling me of spelling errors doesn’t count, but will be very much appreciated.
• This is how we do things in hackerland; it's a combination of individual visions and collaborative synergy that makes things work. Just as it is in the Cove forums.
Files Included in this Package
About This Document - Contents
• This document is a ‘digest’ from many implementations I have been involved in, information from news group snippets and forums discussions. I have tried to make it as comprehensive as possible given the extreme range of types and sizes of companies and their scopes of implementation. I have also tried to address both simple and complex issues to address the needs of the novice as well as those whose occupation is in the quality field.
• If you are the owner or manager of a small company, you may have heard about ISO 9000. Maybe not. Either way, if you have 10 people or less you probably don’t have anyone with a quality assurance background. On the other hand, if there are 20,000 employees in your company you probably have a quality background which is why you’re here.
• For small companies where there is no one with a quality background implementation can appear to be overwhelming. It’s not that ISO is so difficult. It’s that if you don’t have a good understanding of some of the quality related concepts, such as nonconformance and corrective action systems, it becomes much like taking up a new occupation (after how many years?) or learning a new language.
Sample Flow Charts
There are several resources included.
These are each different sets of flow charts.
° One is a directory of gifs which you can open with your picture editor. Sample_Flow_Charts-jpg_Format is the directory name.
° Map_Examples is a directory with some linked flow charts. Open the file index.html with your browser.
° The file Flow_Charts.ppt has a number of more current flow charts examples (ideas!).
° The file Flowcharting.pdf contains some help on how to make a flow chart.
Major flow charts have details on system requirements.
Introduction
The Purpose of this Presentation is to Provide an Overview of ISO 9000 and to discuss Implementation Methodologies
Implementation Considerations
• You are not the first. Over 345,000 organizations have registered to ISO 9000 by early 2001.
• A main point to remember as you traverse this tome is that each company is different. There is no way I can address every possible type and size of company. The contents represent the basis of a methodology I have used over the last 8 years in implementing ISO 9001 and QS-9000 (now IATF 16949) in facilities as large as 10,000 souls, as small as 8 persons, in companies as large and complex as Motorola, as ‘unusual’ as Harley-Davidson, and as unique as an insurance company. The methodology is structured. Very structured. How closely you follow the path will depend upon your specific circumstances and needs as well as your own beliefs. Some companies go slowly. Some companies do not want a complex project plan. Some companies insist on a complex project plan. But, more on this later.
• As much as anything else, you will have to assess my recommendations with consideration to your circumstances.
Quality Systems
ISO 9000 Family of Documents
ISO9001 DIS Structure
ISO 9001 Vs Baldrige
Malcolm Baldrige National Quality Award Criteria Circa 4/2001
1. Leadership
° Organizational Leadership
° Public Responsibility and Citizenship
2. Strategic Planning
° Strategy Development
° Strategy Deployment
3. Customer and Market Focus
° Customer and Market Knowledge
° Customer Relationships and Satisfaction
4. Information and Analysis
° Measurement and Analysis of Organizational Performance
° Information Management
ISO 9000
The Ultimate Goals of ISO 9001 are:
1. To Provide Consistent Processes
(Documented Systems Provide For Consistency)
With Defined RESPONSIBILITIES
2. Customer Satisfaction
3. Continuous Improvement
Periodic Audits Ensure Systems Are Working
Where Did It Come From?
Liability
By defining practices, Liability is addressed. In fact, the whole ISO 900X series is the reaction to a need to assign
Responsibility
For international trade issues involved in bringing the continent together into the ‘European Union’. The foundation drifted to be a ‘quality standard’.
Liability
• The ISO 9000 series is a vehicle to address liability issues
• Driver was the European Common Market
• Is relevant locally and world wide
Origins
ISO 9001 and Quality
• ISO 9001 Has Nothing To Do With the Quality of a Product or Service
Cement Life Preserver
The Classic Example
• The year 2000 version of ISO 9001 carries a revised title, which no longer includes the term Quality Assurance. This reflects the fact that the quality management system requirements specified in this edition of ISO 9001 address quality assurance of product as well as customer satisfaction.
• See https://elsmar.com/ubb/Forum5/HTML/000063.html
• Conformance to Specifications
• Consistency of Processes
The Main ISO 900x Documents
• ISO 9000
NEW: Quality Management Systems - Fundamentals and Vocabulary
OLD: Replaces the old ISO 8402:1994
• ISO 9001
NEW: Quality Management Systems - Requirements
OLD: Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing
• ISO 9004
NEW: Quality Management Systems - Guidelines for Performance Improvement
OLD: Quality Management and Quality System Elements - Guidelines
The Stated Intent of ISO 9001
0 INTRODUCTION
0.1 General
This International Standard specifies requirements for a quality management system that can be used by an organization to address customer satisfaction, by meeting customer and applicable regulatory requirements. It can also be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer and regulatory requirements.
The adoption of a quality management system needs to be a strategic decision of the organization. The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the purpose of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.
It is emphasized that the quality management system requirements specified in this International Standard are complementary to technical requirements for products.
Differences In Sectors
1.2 Permissible exclusions
The organization may only exclude quality management system requirements that neither affect the organization's ability, nor absolve it from its responsibility, to provide product that meets customer and applicable regulatory requirements. These exclusions are limited to those requirements within clause 7 (see also 5.5.5), and may be due to the following:
(a) the nature of the organization's product;
(b) customer requirements;
(c) applicable regulatory requirements.
Where permissible exclusions are exceeded, conformity to this International Standard should not be claimed. This includes situations where the fulfillment of regulatory requirements permits exclusions that exceed those allowed by this International Standard.
Service As A Product
3.1 - product - result of a process
NOTE 1: There are four agreed generic product categories:
- hardware,
- software,
- services,
- processed materials.
Most products are combinations of some of the four generic product categories. Whether the combined product is then called hardware, processed material, software or service depends on the dominant element.
Why Do It?
• I’ll bet either a customer requirement or your sales / marketing folks dreamed this up for you to do, right? Almost all implementations are the result of one or the other. I have never had a client which simply decided to do it because they felt doing so would be beneficial to the company. This is not to say improvement is not an issue. It almost always very much is. But that has never been the spark that initiated the process.
• Many of you know I’m not a proponent of registration per se. For some companies it is a good thing. They lack the internal discipline necessary to ensure people are doing what they are supposed to be doing.
• I am a gung ho proponent of the implementation process. In the very least, it necessitates a serious housekeeping effort. The process typically opens everyone’s eyes to what they are doing and why. Often I refer to the early stages of implementation as the Discovery Phase. I cannot tell you how many times I have heard “I didn’t know we were doing that!” Sometimes it’s scary thinking how far in the dark some people are in so far as knowing and understanding what they’re supposed to be doing goes. Which is pretty far. I have never seen an implementation which did not benefit the company in some way.
Why Do It?
• Process Improvements
° Theoretically, as you implement the system, you have the opportunity to improve your processes. You will outline the current process, add the requirements of the standard and then optimize the process with input from the process users.
• Increased Quality Awareness
° Theoretically, as the system is implemented, quality awareness will increase because all staff must be trained on ISO 9000, staff must be trained on processes as they are implemented and staff will have "ownership" of processes they are involved in developing and improving.
Project Duration
How long will it take?
° An implementation project will typically take about 6 to 9 months, but will range from 3 to 20 months.
° Factors that will affect the timeline include:
∞ Size and complexity of the organization.
∞ Existing systems
∞ How much existing documentation is available which can be used.
∞ Amount of resources available for the project
∞ ISO expertise available.
Simple Schedule
Typical Costs
Payback
• Companies minimize deficiencies in supply and support of products and services.
• Companies identify problem areas and address them quicker.
• Companies identify customer needs more accurately.
• Companies become more consistent in their product and services.
Who’s Doing It & General Issues
The ISO organization publishes a yearly assessment of the ISO 9001 distribution.
° ISO9K-8thCycleSurvey.pdf (through December 1998)
° ISO9K-9thCycleSurvey.pdf (through December 1999)
The Magical Demystifying Tour of ISO 9000 and ISO 14000
° http://www.iso.ch/9000e/magical.htm
A Quality Management System?
System vs. Process
• System
Pronunciation sI stEm
Definition A group of related things or parts that function together as a whole.
Example The school system in our city.
• Process
Pronunciation pra sehs
Definition A systematic sequence of actions used to produce something or achieve an end.
Example An assembly-line process.
What is a System?
• Collection of interacting parts functioning as a whole.
• Collection of subsystems that support the larger system.
• Collection of processes oriented toward a common goal.
• The organization as a system.
Trade Relationships
The Organization as a System, Subsystems, and Processes
Systems and Subsystems
Organization As An Extended System
Organization As An Extended System
Extending Outside the Organization
An Extended System
Measures In The Extended System
Quality Through Process Improvement
What is a Process?
• A series of operations or steps that results in a product or service.
• A set of causes and conditions that work together to transform inputs into an output.
Examples of Processes
Significant and Critical Processes
• Significant Processes
° Are processes by which the mission-essential work of the organization is accomplished.
° Contribute directly to meeting the needs and requirements of customers.
° Can be traced from output (to external customer) back to input (to the organization).
• Critical Processes
° A stage within a significant process.
° One that is deemed as most important for control and improvement.
Special Characteristics
With Regard to QS-9000 (now IATF 16949)
• The AIAG defines a Special Product Characteristic as a product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product. Ford Motor Company divides Special Characteristics into two categories: Critical Characteristics and Significant Characteristics
• Critical Characteristics are defined by Ford as product or process requirements that affect compliance with government regulation or safe product function, and which require special actions or controls. In a design FMEA, they are considered Potential Critical Characteristics. A Potential Critical Characteristic exists for any Severity rating greater than or equal to 9. In the process FMEA, they are referred to as Actual Critical Characteristics. Any characteristic with a Severity of 9 or 10 which requires a special control to ensure detection is a Critical Characteristic. Examples of product or process requirements that could be Critical Characteristics include dimensions, specifications, tests, assembly sequences, tooling, joints, torques, welds, attachments, and component usages. Special actions or controls necessary to meet these requirements may involve manufacturing, assembly, a supplier, shipping, monitoring, or inspection.
Characteristics I
• CHARACTERISTIC: A distinguishing feature, dimension or property of a process or its output (product) on which variable or attribute data can be collected. (P39 APQP)
• CHARACTERISTIC, CRITICAL, CHRYSLER DEFINITION: Characteristics applicable to a component, material, assembly, or vehicle assembly operation which are designated by Chrysler Corporation Engineering as being critical to part function and having particular quality, reliability and/or durability significance. These include characteristics identified by the shield, pentagon, and diamond. (49 PPAP)
• CHARACTERISTIC, CRITICAL (INVERTED DELTA), FORD DEFINITION: Those product requirements (dimensions, performance tests) or process parameters that can affect compliance with government regulations or safe vehicle/product function, and which require specific supplier, assembly, shipping, or monitoring and included on Control Plans. (P49 PPAP)
• CHARACTERISTIC, CRITICAL, GM DEFINITION: See Key Product Characteristic. (P49 PPAP)
• CHARACTERISTIC, KEY CONTROL (KCCs): Those process parameters for which variation must be controlled around a target value to ensure that a significant characteristic is maintained at its target value. KCCs require ongoing monitoring per an approved Control Plan and should be considered as candidates for process improvement. (P49 PPAP)
• CHARACTERISTIC, KEY PRODUCT (KPC): Those product features that affect subsequent operations, product function, or customer satisfaction. KPCs are established by the customer engineer, quality representative, and supplier personnel from a review of the Design and Process FMEA’s and must be included in the Control Plan. Any KPCs included in customer-released engineering requirements are provided as a starting point and do not affect the supplier’s responsibility to review all aspects of the design, manufacturing process, and customer application and to determine additional KPCs. (P49 PPAP)
Characteristics II
• CHARACTERISTIC, PROCESS: Core team identified process variables (input variables) that have a cause and effect relationship with the identified Product Characteristic(s) which can only be measured at the time of occurrence. (6.3 #20 APQP)
• CHARACTERISTIC, PRODUCT: Features or properties of a part, component or assembly that are described on drawings or other primary engineering information. (6.3 #19 APQP)
• CHARACTERISTIC, PRODUCT, CRITICAL (D), CHRYSLER DEFINITION: A defect which is critical to part function and having particular quality, reliability, and durability significance. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, PRODUCT, MAJOR, CHRYSLER DEFINITION: A defect not critical to function, but which could materially reduce the expected performance of a product, unfavorably affect customer satisfaction, or reduce production efficiency. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, PRODUCT, MINOR, CHRYSLER DEFINITION: A defect, not classified as critical or major, which reflects a deterioration from established standards. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, PRODUCT, SAFETY/EMISSION/NOISE (S), CHRYSLER DEFINITION: A defect which will affect compliance with Chrysler Corporation and Government Vehicle Safety/Emission/Noise requirements. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION “Shield <S>: Specifications of a component, material, assembly or vehicle assembly operation which require special manufacturing control to assure compliance with Chrysler Corporation and government vehicle safety requirements. (QS-9000 (now IATF 16949) )
Characteristics III
• CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION: Specifications which require special manufacturing control to assure compliance with Chrysler or government vehicle safety requirements. (P50 PPAP)
• CHARACTERISTIC, SIGNIFICANT, CHRYSLER DEFINITION: Special characteristics selected by the supplier through knowledge of the product and process. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, SPECIAL: Product and process characteristics designated by the customer, including governmental regulatory and safety, and/or selected by the supplier through knowledge of the product and process. (P104 APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>: Specifications of a component, material, assembly or vehicle assembly operation which are designated by Chrysler as being critical to function and having particular quality, reliability and durability significance. (QS-9000 (now IATF 16949) )
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>: Specific critical characteristics that are process driven (controlled) and therefore require SPC to measure process stability, capability, and control for the life of the part. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Pentagon” <P>: Limited to highlighting Critical characteristics on (Production) part drawings, tools and fixture, and tooling aid procedures where ongoing process control is not automatically mandated. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Shield” <S>: Engineering designated specifications or product requirements applicable to component material, assembly operation(s) which require special manufacturing control to assure compliance with governmental vehicle safety, emissions, noise, or theft prevention requirements. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
Characteristics IV
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Critical Characteristic” <Inverted Delta>: Those product requirements (Dimensions, Specifications, Tests) or process parameters which can affect compliance with government regulations or safe Vehicle/Product Function and which require specific producer, assembly, shipping or monitoring actions and inclusion on the Control Plan. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant Characteristic - SC” <None>: Those product, process, and test requirements that are important to customer satisfaction and for which quality planning actions shall be included in the Control Plan. (Appendix C QS-9000 (now IATF 16949) )
• CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant/Characteristic - S/C” <None>: Characteristics that are important to the customer and that must be included on the Control Plan. (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Fit/Function” <F/F>: Product characteristic for which reasonably anticipated variation is likely to significantly affect customer satisfaction with a product (other than S/C) such as its fits, function, mounting or appearance, or the ability to process or build the product. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S/C>: Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as: flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix C QS-9000 (now IATF 16949) )
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S>: Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as: flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix C APQP)
Characteristics V
• CHARACTERISTIC, SPECIAL, GM DEFINITION “Standard” <None>: Product characteristic for which reasonably anticipated variation is unlikely to significantly affect a product’s safety, compliance with governmental regulations, fit/function. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
• CHARACTERISTIC, SPECIAL, PROCESS (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A process characteristic for which variation must be controlled to some target value to ensure that variation in a special product characteristic is maintained to its target value during manufacturing and assembly. (P57 FMEA)
• CHARACTERISTIC, SPECIAL, PRODUCT: Core team compilation of important product characteristics from all sources. All Special Characteristics must be listed on the Control Plan. (6.3 #19 APQP)
• CHARACTERISTIC, SPECIAL, PRODUCT (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product. (P55 FMEA)
• CHARACTERISTIC, SPECIAL, TOOLING, CHRYSLER DEFINITION “Pentagon” <P>: Critical tooling symbol used to identify special characteristics of fixtures, gages, developmental parts, and initial product parts. (QS-9000 (now IATF 16949) )
• CONTROL ITEM PART, FORD DEFINITION: Product drawings/specifications containing Critical Characteristics. Ford Design and Quality Engineering approval is required for changes to Control Item FMEA’s and Control Plans. (QS-9000 (now IATF 16949) )
Critical Characteristics Matrix
What Is A Quality Management System?
• In the Words of the ISO Folks:
° “Both ISO 9000 and ISO 14000 are known as generic management system standards.”
° “Generic means that the same standards can be applied to any organization, large or small, whatever its product – including whether its ‘product’’ is actually a service – in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.”
• What this amounts to is the ISO 9001 requirements are what the ISO folks have determined to be ‘Best Practices’ in a business. The ISO folks comment that these are “…now available to small companies…”. I contend they always have been and, in fact, most of my smaller clients had well established systems which functioned quite well to begin with. It’s hard to say that their ISO registration process was particularly value added. As with the vast majority of companies, they were required by one or more customer(s) to register. Or the sales folks saw registration as a potential for increased sales (everyone’s doing it).
What is a QMS?
Are we talking about ISO 9001 or QS-9000 (now IATF 16949) or what, here?
To start out, let’s discuss what you are planning to do. Throughout this document you will see ISO 9001 and QS-9000 (now IATF 16949) cited. We are, at the bottom level, talking a System. With respect to ISO 9001 (and QS-9000 (now IATF 16949) and TS 16949 for that matter) it is called a Quality Management System. With the ISO 9001 release, page vi defines it in a diagram. Below is the version from the DIS. ISO 14001 requires an Environmental Management System.
ISO 9001 QMS ‘Process Model’
ISO 9001 QMS ‘Process Model’
One of the interesting parts of this system is Continuous Improvement of the Quality Management System is specified as the result. Not improvement of the product. One can argue if you improve you quality system the product should improve as well. However, this is just not always the case.
ISO 14001:1996 EMS ‘Process Model’
The below is from page vi of ISO 14001:1996.
Notice it is not drawn as a closed loop system as is the ISO 9001 system.
The ISO Standards
ISO 9000:2000 Quality management systems – Fundamentals and vocabulary
Establishes a starting point for understanding the standards and defines the fundamental terms and definitions used in the ISO 9000 family which you need to avoid misunderstandings in their use.
ISO 9001 Quality management systems – Requirements
This is the requirement standard you use to assess your ability to meet customer and applicable regulatory requirements and thereby address customer satisfaction.
ISO 9004:2000 Quality management systems – Guidelines for performance improvements
This guideline standard provides guidance for continual improvement of your quality management system to benefit all parties through sustained customer satisfaction.
ISO 19011 Guidelines on Quality and/or Environmental Management Systems Auditing (currently under development)
Provides you with guidelines for verifying the system's ability to achieve defined quality objectives. You can use this standard internally or for auditing your suppliers.
ISO 10005:1995 Quality management – Guidelines for quality plans
Provides guidelines to assist in the preparation, review, acceptance and revision of quality plans.
ISO 10006:1997 Quality management – Guidelines to quality in project management
Guidelines to help you ensure the quality of both the project processes and the project products.
ISO 10007:1995 Quality management – Guidelines for configuration management
Guidelines to ensure that a complex product continues to function when components are changed individually.
Required Level II Flow Charts (Procedures)
4.2.3 Control of Documents
4.2.4 Control of Quality Records
8.2.2 Internal Audit
8.3 Control of Nonconformity
8.5.2 Corrective Action
8.5.3 Preventive Action
Some Other Expected Process Maps
° Product ID / Traceability ( 7.5.2)
° Customer Property (7.5.4)
° Preservation of Product (7.5.5)
° Validation of Processes (7.5.2)
° Process Measurement / Monitoring (8.2.3)
° Product Measurement / Monitoring (8.2.4)
° Analysis / Improvement (8.4, 8.5)
• Some of you will be implementing in small companies. Some of you will be implementing in very large companies. In this document there is a mix of information. Some is appropriate to larger companies and some is targeted to smaller companies. In general it should be obvious but the rule of thumb is the bigger the company the more complex the issues become. Multi-nationals are the most complex, as one would expect.
• While this presentation is aimed at ISO 9001, it applies to ISO 14001 and QS-9000 (now IATF 16949) as well, for the most part. There are a number of additional issues associated with QS-9000 (now IATF 16949) , however in general the intent is the same in so far as the ISO 9001:1994 requirements basis. Implementing ISO 9001 vs. QS-9000 (now IATF 16949) is no different. From sweeps to document mapping, you have to determine what you have, what you need and how you want to get to the finish line.
• Do not forget that implementing a QMS is a project.
The Fed Ex Registration
Food for thought… Discussion at: https://elsmar.com/ubb/Forum2/HTML/000078.html
Subject: RE: ISO 9001 Certified Virtual Office
Just as a point of clarification, the Fed-Ex audit approach was an exception to the rule. You are correct in stating that registrars need to follow rules for multi-site sampling. In this unique case, the RAB did approve the unusual approach used by the registrar. The exception was approved due to the unique design of Fed-Ex's systems. It is unlikely that another organization will duplicate these systems. Therefore, we should not expect to see this unique audit approach used for other organizations.
Indeed it was a virtual audit because hundreds of field offices were audited without the auditor physically being there. My agreement of confidentiality does not allow me to share more with you. Unless you fully understand how the Fed-Ex systems is set up, it is difficult to see that conducting a virtual audit is possible. It remains a controversial certification because of the approach used and the fact that it has not yet been used at another organization.
A Consultant?
Basic Reasons To Consider A Consultant
• To help plan your project
° An efficient implementation begins with a solid plan, taking into account those things you need to work on, leaving out those things which are already in place, and developing an accurate estimate of how long each implementation phase should take.
• To help interpret the standard
° A consultant who understands the standard's requirements can prevent wasted time doing things the standard does not require, or doing things in a way that does not meet the standard. You do not want to have to undo any of your hard work.
• To allow you to benefit from experience
° Using a consultant allows you to begin work right away without having to learn things on your own, and without having to learn by your mistakes.
• To watch your timeline
° A consultant can work with your steering team and ISO point teams and make sure the work is done within the time allowed on the timeline.
Role of Consultant - Piano Teacher?
• ‘Full Service’
On-site full-time for the duration of the project. Various roles & Responsibilities.
• Visits - As Required
Track progress through interviews (meetings) and ‘internal audits’. Address interpretations issues. Help with systems design.
• Internet / Phone
Verify systems documents
Discuss interpretations and systems
Answer general questions
NOTES: Training can be applied to any of the above but is on-site.
Internet / Phone is always available
Deliverables
• Dependent Upon The Client’s Needs and Expectations
• Must Be Agreed To In Advance
• May Change During Project
• May Include:
Project Management
Systems Design
Systems Documentation
Training
Internal Auditing
Implementation Guarantees
• Some companies offer ‘guarantees’. Consider the details / requirements carefully.
• Typical Disclaimer Example
“ The ISO 9001 Network guarantees that your company will achieve ISO 9001, QS-9000 (now IATF 16949) , or ISO 14000 certification if you follow our program.” - From http://www.isonet.com/Gaurantee.htm (sic)
• The time it takes to implement a system is inversely proportional to the company’s involvement and prioritization. As involvement and/or priority increases, time decreases. Pretty much a ‘no brainer’.
Example Guarantee Program
8-Step Guaranteed Registration Plan
PIC has now designed a cost effective training and consulting package to help your organization achieve registration -- GUARANTEED!
Our philosophy is to assist your company in developing and applying the skills necessary to plan, implement and achieve registration.
Our 8-Step Guaranteed Registration Plan includes:
1. ISO/QS-9000 (now IATF 16949) Introduction Seminar - Training
2. ISO/QS-9000 (now IATF 16949) Awareness Sessions - Training
3. ISO/QS-9000 (now IATF 16949) Needs Assessment - Consulting
4. ISO/QS-9000 (now IATF 16949) Implementation/Documentation - Training
5. ISO/QS-9000 (now IATF 16949) System Development, Consulting, Coaching, Training
6. Choosing a Registrar - Consulting
7. Part A: ISO/QS-9000 (now IATF 16949) Internal Auditor Training
Part B: Internal Auditor Site Coaching - Training
8. Part A: Pre-Assessment Audit - Consulting
Part B: Registration Audit - Consulting
A Consultant? Some Last Thoughts...
1. Prepare a statement outlining the nature, scope and objectives of the assignment.
2. Circulate this written statement to the key people in your organization inviting them to comment by a specific date in terms of whether it defines the need accurately and whether the assignment should be tackled internally or external help sought.
3. Define the expertise you will need.
4. Invite the consultant for an interview.
5. Brief the staff who will be involved in the selection process.
6. Avoid organization jargon.
7. Ask the consultant to describe how the assignment will be approached.
8. Request references, in confidence, to provide real examples of previous assignments carried out and check with the referees how successfully the assignment was carried out. Do not buy on price alone.
9. Express the assignment you wish carried out in terms of the end results, i.e. outputs, that you want to achieve.
10. IF YOU PROCEED… Provide resources and executive commitment. There is no point in seeking consultancy help unless you have the will, the resources and the organization resolve to follow the advice you get.
Implementation - The Process
Implementation Strategies
• Compressed Project
Drop Dead Date
High Priority Project Management Approach
Intimate high level management involvement
Regular Scheduled Meetings
• Business As Usual
Low stress
Low Priority Project Management Approach
Slipping schedule not critical
Irregular Meetings
• Meandering
Slipping schedule not important
Low level management support / involvement
Irregular meetings
Project tends to ‘Fade Away’
Project Scope Considerations
• Single Location
Current company / facility status
Scope of registration
Training needs
Implementation strategy
Resource allotment
• Multiple Locations
Single or shared certificate
Degree of shared documentation
Degree of shared data / information systems
Network Capacity / Capability
NOTE: Single location considerations all apply to multiple location projects.
Implementation Commandments
• You cannot give someone a responsibility without publicly conferring authority to act.
• If top management doesn’t care, no one else will care.
• If planned meetings are not attended, ‘someone’ isn’t serious about their part in the project.
• Track the project publicly. Publicize status weekly or bi-weekly.
• Communication may not be everything, but it is the largest single stumbling block. No camps with walls.
• If people do not have enough time to begin with, they won’t have time for this.
Initial Basic Suggestions
• I suggest you make and use a ‘history’ binder.
• Make a list of your departmental ‘responsibilities’.
Think INPUTS and OUTPUTS
• Prioritize each into ‘Tiers’ or ‘Levels’ in accordance with the Document Pyramid herein. Categorization is approximate.
• Make a Plan or Schedule for each.
• Always ask, as the auditor will:
“ Does this affect the quality of our product(s)?”
‘ Standard’ General Registration Path
• Assess your situation (Pre-assessment)
Also called Gap Analysis
• Consultant?
• Define a plan with time line & begin
• Interview and choose registrar
• Documentation processes
• Manage transitional activities
• Registrar document review
• Registrar pre-assessment
• Corrective actions
• Registration audit
Implementation time frame: 3 months to 2 years
Top Level Project Flow
‘ Typical’ Detailed Implementation Steps Example
1 Determine Specific Requirement(s)
2 Define Time to Complete Requirement
3 Define Scope of Assessment
4 Project Set-Ups
5 Write Company Quality Systems Manual
6 Document Company Quality Policy
7 Define Documentation Systems
8 Document Master Numbering System
9 Establish Master Binders
10 Procedures History Binder
11 Project Master Binder
12 Review Status
13 Contact Registrar
14 Agree on Scope
15 Agree On Fees (Try to Bargain)
16 Agree On Audit Date(s)
17 Submit Required Documentation
18 Review Status
19 Awareness & Information Meetings - Hourly
20 ISO 9000 Awareness
21 Work Instructions & Documentation
22 Auditee Training
23 Awareness Reinforcement
24 Review Status
25 Tier 2 (Systems) Documentation
26 Gather Documentation Examples
27 Cross-Area Teams Define & Flow Chart Master Systems
28 Systemic Needs Analysis (Data From Walk-Thrus & Audits)
29 Determine & Integrate Additional Systems Requirements
30 Systems Procedural Documentation & Flow Chart Integration
Project Definition
Defining Responsibilities
Example Organizational Chart
Before you do anything else, be sure you have defined responsibilities from the top down. This is the typical method - An Organizational Chart.
Top Management
• ISO talks about 'Top Management'. Pundits talk about how ISO can only succeed if 'Top Management' is involved. Just who is Top Management?
• In your registration it will depend upon your company. I have argued that top management support is not always necessary for an implementation to succeed. In fact, often the 'real' top management of a company is hardly, if at all, involved. This is very common in sole proprietor situations. The owner, though involved in the business to some degree, essentially delegates all responsibility to a plant manager or other position. The owner often never even meets the registration auditors.
• You have to take a good look at your company structure to determine who, in your company or facility, will be the 'targets' (Top Management).
• See Clause_Interp_and_Upgrading.doc for details.
Responsibilities
Let's talk about Responsibilities
• There are a number of ways to look at defining responsibilities.
° Organizational Charts
• Smaller companies usually only require a single 'org chart'. I have seen some put it right in the front of their 'quality manual'.
• Many companies have numerous organizational charts from high level 'corporate masters' down to the level of each individual department. In larger companies, it should be noted, that these are typically in a state of flux. New 'positions' are made and others are eliminated. It is important for you to note that these are Controlled documents. A somewhat common failure mode is a loss of control or not defining who is responsible for the control of the organizational charts.
° Matrices
° Procedures
Other Responsibilities
• The following are matrices used to define responsibilities in another way. We have discussed org charts, procedures and such, but what about people knowing what they are responsible for knowing and following?
• Typically this is done during employee training. But - right now we're implementing. How do we know who is responsible for knowing about what and who is responsible for what systems.
• The following slides are from an old implementation, however they may serve to illustrate tracking a large implementation project.
An Example Area ‘Element Responsibility’ Chart
Department Specific Responsibility Tracking
Typical Failure Modes
• Can’t explain systems and/or documentation
• Lack of management involvement
• Personnel not following documentation
• Poor communication and/or training
• Lack of documentation
• No or inadequate document control
• Poor record keeping and systems
• More details at http://www.Elsmar.com/failure.html
Critical Success Factors
• Dedicated ‘Company Knowledgebase’
(Coordinator and/or Management Representative)
• Pre-assessment (document and interview)
• Involved, supportive top management
• Receptive culture
• Focus on business rather than functional areas
• Prioritize processes based on customer needs, anticipated benefits, and potential for success
United States - IRS Deduction Ruling
• IRS Revenue Ruling 2000-4
Implementation costs are tax deductible in the same year.
Registration costs and registration upkeep costs are tax deductible in the same year.
• Internal man hours
• Internal capital expenses
• Consultant fees
I have seen combined implementation / registrar costs as low as US$10,000 and as high as US$10+M.
A Plan - Think Project
Example Project Plan Snippet
Support of Upper Management?
On 2/7/01 12:31 PM in article [email protected]. worldnet.att.net, WL at [email protected] wrote :
>> You could bet your house on the statement "never, ever has
>> there been an implementation of any quality system without
>> top management's full support".
>>
>> Many champions of change have tried, and been fired for their
>> insubordination.
Nonsense. Many implementations do, in fact, succeed without the 'full' support of top management. Change your statement to read "...without some support from top management..." and I'll agree. Also see the Project Kickoff slide herein.
A Management Committee
Most companies establish a management committee (Steering Committee) to ensure buy-in and to ensure communication. No one likes dictates and surprises in an implementation project.
Obviously if there are only 25 employees in your company a committee may not make sense. However, this does not reduce the necessity to appropriately (we must use common sense here) communicate with employees to ensure everyone has a chance to buy into the process, provide inputs and to respond to outputs.
Project Kickoff
Many companies schedule a Kickoff Meeting to establish the project as official. While it is typical for ‘upper management’ (the ‘top dog’) to play a mostly invisible part in the project, the ‘top dog’ should be at this meeting as well as other ‘upper’ and middle management folks. The ‘top dog’ should (must?) voice his/her total support for the project.
This is where top management personally pledges support for the project.
What Does This Mean To YOU?
• Check your local newspaper ‘Help Wanted’ advertisements.
• You will see ISO9000 Experience Preferred or ISO9000 Experience Required.
• No matter where you go in the world, working in an ISO 9000 environment is a Plus in employment.
Premise
• Old:
The other shift must have done that.
That’s not my job.
I’m manufacturing (or quality or whatever...)
They brought it to me that way.
• New:
Check incoming.
It is everyone’s job to Be Involved and to Care.
We’re all one company! It’s your job, too!
Communicate!
Discovery! The Sweeps!
• Open your eyes during this Discovery Period - there are things you can’t see.
• Ask yourself about what your jobs are and the details of each job.
• Self Inspection - Be aware of the output of your jobs. You are responsible.
• Be looking for improvements at all times.
• Remember that we are not here to blindly document everything.
Success Based Upon
• Communication - ensure your ‘borders’, talk to your neighbors.
• Communication - your business is a machine where many parts must ‘talk’ to each other.
• Communication - tell your neighbor your problems and listen to your neighbor’s problems.
Old and New
• Most of your audits up until now have been Product and Process audits by Customers.
• ISO9000 is a Systems audit which focuses on all systems and all products. A significant feature is a focus on process interactions.
Remember -- The Idea is NOT....
• To start a lot of new documentation. Scott Adams is wrong (Dilbert). Not everything, like handling (often), has to be documented. But - we must use common sense.
• To change the way you do things every day.
• To ‘Right Every Wrong’. Take the easy stuff and change it. Take the ‘Hard’ stuff - Identify it and make a Plan to address the issue
The Basics
Say What You Do
This means document your systems so you will consistently do the job the same way every time. We must make sure we have appropriate documentation. Use common sense!
Do What You Say
This is what the auditors want to see. Objective evidence that what you say you are doing in your documentation is what you are doing in practice.
Things to Know
• Know what documentation affects YOU!
You must know what documentation applies to your job. This should have been told to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
• You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
• You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
• Know what training you have had. If you do not know, ASK YOUR SUPERVISOR NOW! Don’t wait until the audit!
Organization and Friendliness
• Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
• Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Managers Should Think About...
• Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
What is your company policy on white-out?
• Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
• Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Last Things to Think About
• Employee Training - System in Process
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
• SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
• Work Areas
Are Work Areas Clean and Orderly?
• Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
A “War Room”
(Status and Tracking)
Discovery and Classification
Define Document Types
(Classifications)
More on Documentation
Interviewing A Registrar
Basics
• I want to remind you that choosing a registrar is like choosing a life partner. While it may not be ‘Until death do us part’, it is quite close.
• The intent herein is not for every question to be asked, but rather as a sort of check list to jog your thoughts with respect to YOUR company’s requirements.
Do remember that anything not discussed early is subject to interpretation later!
• Some important starters:
Who (e.g.: RAB) is the registrar approved by?
Will the registrar provide client names and references?
How many Man days and how many Auditors? (Registration vs Surveillance)
How do they conduct surveillance visits? Scheduled or unscheduled?
Note: There is some redundancy of questions within this presentation.
Inform & Discuss
• Plant Layout - Have a copy to give them for planning.
• Number of shifts and employees per shift - What shifts will be audited? What hours?
• Pre-assessment Audit? - If so, Scope. I prefer the preassessment to be limited to an in-house document and systems review (Quality Manual, all tier [level] 2’s and any related documentation). My concern is less ‘are the folks following documentation’ than ‘is the documentation and are the systems acceptable’ to the registrar. We can assure the folks are following documentation internally. Note: One company I spoke with charged for a Pre-assessment whether you had one or not. I was told that if they did not do a pre-assessment they would have to spend more time during the registration assessment.
NOTE: Documentation failure is the most common registration failure mode.
• DoD and other Sensitive Areas - Make sure everyone agrees on how they will address the ‘Secret’ / ‘Top Secret’ aspects of your company’s business. This will probably be a function of scope.
About The Auditors
• What are the registrar’s qualifications requirements for auditors? (for hiring or using an auditor) Are the auditors trained and certified under ISO 10011 (guidelines for auditing quality systems)?
• How many organizations has the typical auditor certified? (Audits per year)
• How many assessors does the registrar have?
• What is the turnover rate for assessors in the registrar’s company? If there is high turnover that will affect the consistency of the assessment service they provide.
• How are auditor substitutions handled?
• Does the company provide training for auditors and other personnel to keep them abreast of developments in their specific discipline? Are there training records? Frequency of training?
• Will he/she/they (auditor[s]) be available for an interview for your company to assess their suitability? (I doubt you will really want to do this, but many big companies do this.)
Questions & Thoughts 1
• What are your requirements as a registrar above and beyond ISO9001?
Request hard copy of their ‘Contract Requirements’
Ask if there are any requirements not on their ‘Contract Requirements’ listing.
• Are the registrar’s auditors direct hire full-time employees or are they contract?
• Will your company have the same Lead Auditor every audit (a Project Lead Auditor)?
NOTE: Most registrars ‘appoint’ a specific person as a project manager (project lead auditor or what ever the registrar calls it). Ask about how the registrar you are interviewing structures their projects.
• Will the registrar send the Project Lead Auditor on each audit or will a substitute be assigned for surveillance audits?
• Will only the Lead Auditor have experience in the industry or will every member of the audit team?
Questions & Thoughts 2
• How far in advance do they notify you of an impending audit, and provide you with an audit schedule. This will help you prepare for the audit easily if they provide at least 6 weeks.
• How many hours per day is planned during an audit? Some companies consider a day in-plant as 6 hours saying the other time is ‘report writing’ time.
• Ask the registrar to explain the details of their billing.
• Are there any extra charges and tie this down in a written quote. Are travel and lodging expenses covered by the bid? Rental car(s)? There are stories of some companies charging extra for each non-conformance report.
• What quality system does the registrar have in place? Request a copy of their Quality Manual.
• Will they provide you with their internal audit schedule and results of audits and corrective and preventative action?
Questions & Thoughts 3
• How long will it take them to issue you a certificate once they have recommended you for approval?
• How long has the registrar been in business, and do they have any European or Far East affiliates in the registration business?
• If you will one day be going for ISO14000, does the registrar support this standard as well, and would they be able to combine (thereby reducing the man-days at your site, and $s) the ISO9000 audit with the 14000 audit?
• Who does documentation assessment and who does the audit? What is their experience / qualifications?
The Audits
• How many Man Days?
Registration Audit
Surveillance Audits
• How many weeks in advance do they provide the detailed audit schedule?
• Is there a ‘Complete’ re-audit every three years? Or do they audit on a ‘continuous’ basis?
• Surveillance Audits
Frequency - Every 6 months or yearly? (Ask their thoughts)
How much is audited in each surveillance audit?
Communications
• I want to address this briefly, but note it is very important. One registrar I dealt with took over a month to respond to questions. A week maximum is appropriate. I’ve seen phone calls to be returned forgotten. This area can be critical to your company. You want a responsive registrar.
How long does it take their office to respond to questions (typically)?
If it becomes necessary to speak with the Project Lead Auditor, how is that done and how soon after the request will the Project Lead Auditor contact your company?
Specification Interpretations
One of the biggest complaints with ISO9001 is interpretation of the standard. Each auditor has his/her own paradigm and thus expectations. This is one of the reasons why having the same auditors is preferred. This is also the reason why I prefer the pre-assessment be limited to an on-site document review where the auditors set up in offices or a conference room. There they review the Quality Manual against the level 2’s in interviews. Level 3 documents are reviewed and objective evidence provided as requested - however, this is all done in the conference room, NOT on the floor. In short - Are our systems acceptable.
This type of audit is a Verification Audit as opposed to a Validation Audit which is where they actually hit the floor. Now - the 2 big questions:
1) How are disputes with an audit finding handled? Ask them to explain their system. (Request a copy of their procedure!)
2) How does the registrar ensure consistency of interpretations within their company? Some companies have weekly in-house meetings, some have conference calls, some do nothing. THIS IS IMPORTANT!!!
What’s In A Contract Anyway?
• When you get a copy of the registrar's contract, read every word and try to imagine the worst possible scenario. Some time back when I was casting about for a registrar, one sent me a contract which stated the following for audit costs:
• XXXXXX "reserves the right to increase charges during the certification period".
• Another said: "...approximately 45 days prior to the anniversary date of certificate issuance, XXXXXX shall notify the client in writing of the annual costs to maintain the certificate."
• These appear to me to be licenses to steal. It would seem prudent to get these things tied down in your initial contract.
• Remember: Contract Review!
Audit Nonconformance Questions
• How shall we be notified of non-conformancies or deficiencies?
• What is the typical response time allowed for initial response to a nonconformance identified during an audit:
Major nonconformance
Minor nonconformance
• Will a nonconformance during the initial assessment require a partial or follow up assessment to verify corrective action? If yes, what shall the cost of follow up audits be?
NOTE: Typically if there are 1 or more MAJOR non-conformances, they have to make a return visit. Minors are typically followed up by mail, FAX, etc.
• Can we be recommended for certification if there are still some minor open non-conformances? Determine details.
• How many months of internal audit records do you require before scheduling an audit?
Project Actions
Sweeps - The Discovery Phase
Sweeps
Where to Start - Documentation
Discovery Inventory
Identification
• Choose a method of verifying a swept area.
• One method I have used it to obtain some sheets of adhesive labels (we used the small coloured dots). You might want to make sure they are ‘easy peel’ labels. Label every drawer, shelf and other area swept ‘as you go’. Person checking initials, dates and places the dot where it is easily seen.
Sweeping An Area - I
Things to look for:
Documents
• Local “How To…” documents
• Specifications
• Prints
Forms, Tags
Measurement and Test Equipment
Where to look:
On every shelf
In every drawer
At every work station
On every wall
Under every table, desk, etc.
Sweeping An Area - II
Things to ask yourself as you look:
Documents
• Is there a date on the document?
• Does it appear to be ‘valid’ (current)?
• If it is a hand written document or a company ‘memo’, is there a name or department on it? Whose is it?
• Is it a system document? What system?
Shelves
• What is on the shelf? Is it garbage?
• Is the shelf labeled? Are some shelves labeled and some not labeled? If so, why?
• If the shelf is labeled, does what is on the shelf match the shelf label?
Some Things To Think About...
Work Instructions
• Does Your Job Have Relevant Work Instructions? Does It Need Work Instructions?
• Are Work Instructions Controlled?
• Is Each Signed & Dated?
• Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
• Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
• If So, Are They Signed and Dated?
Measurement & Test Equipment
• Is All Measurement and Test Equipment Calibrated and properly Labeled?
Equipment Preventive Maintenance
• Are All Equipment PMs Up To Date and to a Schedule?
More(!) Things to Think About
Defective Material
º Is Defective Material Identified and Segregated? How?
º Is A Defective Material ‘HOLD’ Area Identified?
Work Areas
º Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
º Is Each Properly Labeled (Identified)?
º Are They Where They Are Supposed To Be?
Employee Training
º Do You Know the Training Requirements Of Your Job Position?
º Is Each Employee Trained? How do we know?
º Where Are Training Records Kept?
º Are Training Records Up To Date?
Organization and Friendliness
• Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
Is there anything like glue or ink which has an expiration date?
• Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Discovery Phase (Sweeps) Check List
Discovery Phase Check List
Documentation - The Details
Why the Stress on Documentation?
• The majority of failures in both QS and ISO 9000 registration efforts has been, and continues to be, 4.2 Documentation Requirements (QS element 4.5).
• This issue is almost always evident from my first visit and I believe we all know this is typically a deep problem.
• Discontinuity is often discovered in the documentation. Even Quality Manuals are shown to have invalid links.
• Auditors will focus on the continuity and flow of documentation. Inconsistencies can keep the facility from passing the registration audit.
What is Documentation?
• Documentation is much talked about. There are different types. At Motorola, for example, there are corporate 12M’s. Sectors each have SOPs and maintains a Quality Systems Manual. Each facility has their own specific documentation (which must correlate with Sector and corporate documentation. There is also process documentation in the manufacturing areas.
• Everyone uses documentation outside of work. If you buy something (like a clock), there are instructions in the box. That is documentation.
• Think of documentation as instructions. Documentation explains how to do things.
• The auditor’s job is to make sure everyone is ‘Following Instructions’.
An Everyday Work Instruction
This is the ‘Work Instruction’ which comes with an aquarium heater. It gives the user some basic information. Note that there are graphics (several in multiple languages) in addition to the basic text. There is also a ‘selection’ guide for the purchaser.
What is Controlled Documentation?
• A controlled document is typically one that is Revision sensitive - BUT - Not always!!
• If a controlled document is changed, a record of the change has to be made. This means we must have a History of All Changes.
• If a document is changed, people who use it must know about the change. This means there has to be a distribution list or other effective way to let everyone who uses it know the document has changed.
• Every employee must know how to check to see if documentation they are using is the most current version.
‘ Standard’ Documentation Pyramid
Documentation
• Organization Charts
• Procedures
• Forms
• Tags
• Prints
• Specifications
• Statistical Data
• Inspection & Test Results
Myths vs. Truths
• Documentation Is Meant To Be Easily Changed
• The Less Documentation, The Better
Basic Rules
• Your Job & Documentation
SAY What You Do
Documentation
DO What You Say You Do
Actions
• If It’s Not WRITTEN Down, It DIDN’T Happen
Quality Records
What Are Quality Records?
• Any record where data is taken where the data is a result of inspection and/or test
• Any record which provides for traceability
• Nonconformance related documents
The bottom line here is we have to review our documents in a general sense and identify those which relate to quality issues
Typical Types of Records
• Management Review Records
• Contract Review Records
• Purchasing (Purchase Orders)
• Identification and Traceability
• Process Control
• Inspection and Test Reports and Records
° Qualification Reports
° Validation Reports
° Material Review Reports
• Control of Measurement and Test Equipment
° Calibration Reports/Data
• Non-conforming Product
° Disposition Records
• Corrective and Preventive Action
• Internal Quality Audits
• Training Records
Records Management Activities
• Management of Active records
• Records creation (forms)
• Design of records system
° Retention schedule
° Vital records protection
• Development of records procedures
° Indexing
° Filing
° Access
° Disposition
Records Required By ISO 9001
5.6.1 Management review minutes / etc.
6.2.2 (e) Education, training, skills and experience.
7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
7.3.2 Design and development inputs.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.3.7 Results of the review of design and development changes and any necessary actions.
7.4.1 Results of supplier evaluations and actions arising from the evaluations.
7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
7.5.3 The unique identification of the product, where traceability is a requirement.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results.
8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
8.5.2 Results of corrective actions.
8.5.3 Results of preventive actions.
Document Mapping
Document Mapping
• In a structured system, there are ‘levels’ of documentation. In general terms we have the description of documentation in levels or tiers. As we learned earlier there are typically 4 tiers of documentation in an organization (excluding Ad Hoc documents).
• The top tiers normally guide the content and focus of the bottom tiers. In short, each successive lower tier is DEPENDENT upon the upper tier which defines it. This is said to be a ‘Flow Down’ of requirements.
• Higher level documents normally cite lower level documents. These citations are important as they form a ‘trail’ which can be followed. The top level documents tend to be general and to some extent vague while the lower level documents provide increasing detail.
• Sometimes the reverse also happens - lower level documents cite higher level documents internally. There is controversy as to whether this is ‘good’ practice. In my opinion, requirements should Never flow up.
• Document mapping is more important now than ever as mature companies shift towards interdisciplinary (cross-functional) communication and operation. The old way was for departments to ‘pass off’ to another department. The new way causes everyone to be involved. In short, the rise of the importance of Teams requires documentation to be more integrated and consistent - and thus the need for control is greater. This is also the reason for the ‘review’ requirement.
Mapping Aspects
• Mapping starts at the top with the QA Systems Manual. This may be a sector manual or it may be a local manual.
• Validation - When you map documents, you ‘verify’ links between documents (where one document cites another within it). The first thing to verify is that the cited document exists.
• A second aspect of mapping is to verify that the content of the citation is relative. This is to say that the links should ‘make sense’. If a citation in one document says something like “The audit will be performed in accordance with procedure ABC-1234” and procedure ABC-1234 is titled ‘Calibration of Pressure Gages’, it is evident that the link is NOT Valid! It does not make sense!
• After verifying that the linked document both exists and that the links are ‘relative’ and make sense, the document is mapped to the matrix relative to the mapping project. In our case the matrix is QS 9000 line items against the document ‘class’.
Document Tiers & Classes
• It is uncommon to find ‘Pure’ documents. That is to say, it is not very often you find a document which one can clearly define as ‘only’ Tier I or Tier II or Tier III. In almost all cases there is some cross over. A good example is a Tier III document which becomes a Tier IV document. In this case we have a document which is a Tier III Procedure with some places which which will eventually be filled with data - which will then make it a Record (Tier IV).
• The idea of a defined border and thus a pure document is fine, but is seldom actually seen. Normally the closest you will come is with the Quality Systems Manual. A QSM will normally be the ‘purest’ document you will find within any given system.
• Purity is to some degree a function of company size. A company with only 20 to 50 employees with simple processes will generally have little need for ‘pure’ structure. The necessity of structure in very large companies necessitates a more defined documentation structure in large part due to necessary overall complexity.
• Also consider the idea of document classes. Classes may include production documents, engineering documents, Human Resources documents, maintenance documents, etc. From this we should understand there are usually several classes of documents in any given tier.
• Document classes are related to document tiers. In most companies there are multiple document ‘classes’. These classes are always Tier II or lower.
High Level Documentation Structure
Local Documentation Tiers
Typical Documentation Tiers
Flow Up vs Flow Down
• Not all documents have flow down requirements.
• Flow downs are normal.
• Flow downs generally reference lower level documents, but references are not mandatory.
• Flow Ups MUST *NEVER* be found.
Documentation Compliance Considerations
Mapping - Two Aspects
Line Item Matrix Mapping
Determination of Required Documents
• Once you have completed mapping your documents, you want to revisit your requirements matrix. You have gone through an initial Gap Analysis where a determination was made as to what systems exist and which ones do not. Typically the Gap Analysis gives you an idea of what Level II documents and systems are required. At this point we want to look at what Level IIIs and Level IVs exist.
Summary
Mapping internal documents is:
• Verify internal reference documents exist and that the names and numbers ‘make sense’
• Verify that the link subject matter makes sense and that requirements flow down
• Find where the document fits in the ISO 9001 line item matrix
• Examine matrix for redundancy
Process Mapping
Why Process Maps?
Typical Top Level Operations Flowchart
Business As A System (Process)
Use a Process Flow Chart!
Because:
• You want to understand your current process
• You are looking for opportunities to improve
• You want to illustrate a potential solution
• You have improved a process and want to document the new process
Creating a Process Flow Chart
1. Identify the process or task you want to analyze. Defining the scope of the process is important because it will keep the improvement effort from becoming unmanageable.
2. Ask the people most familiar with the process to help construct the chart.
3. Agree on the starting point and ending point. Defining the scope of the process to be charted is very important, otherwise the task can become unwieldy.
4. Agree on the level of detail you will use. It’s better to start out with less detail, increasing the detail only as needed to accomplish your purpose.
Creating a Process Flow Chart
5. Look for areas for improvement
• Is the process standardized, or are the people doing the work in different ways?
• Are steps repeated or out of sequence?
• Are there steps that do not ad value to the output?
• Are there steps where errors occur frequently?
• Are there rework loops?
6. Identify the sequence and the steps taken to carry out the process.
7. Construct the process flow chart either from left to right or from top to bottom, using the standard symbols and connecting the steps with arrows.
8. Analyze the results.
• Where are the rework loops?
• Are there process steps that don’t add value to the output?
• Where are the differences between the current and the desired situation?
Early Process Flow Diagram
Flowchart
Benefits of Using Flowcharts
• Promotes understanding of a process
• Identifies problem areas and opportunities for process improvement
• Provides a way of training employees
• Depicts customer-supplier relationships
Symbols Used In Flowcharts
Basic Flow Chart Example - High Level
Basic Flow Chart Example - High Level
Flow Chart Example - Low Level
Process Map Elements
Process Map Elements
Process Map Elements
7 Steps to Process Mapping
Process Mapping Worksheets
Process Mapping Steps 1 and 2
Process Mapping Step 3
Process Mapping Step 4
Process Mapping Step 4
Job Descriptions
• At this time you should be looking at what job descriptions you have and determining what job descriptions you need.
• Please don’t forget job descriptions!
Process Mapping Step 4
Process Mapping Step 5
Process Mapping Step 6
Internal Audits
Internal Audits
• You must complete at least 1 full round of internal audits prior to your registration. In addition, you have to show at least one example of where a nonconformance was identified and corrected. You must also show where you verified the effectiveness of the corrective action.
• Drive your implementation through Internal Audits.
• You can use internal audits as a method of training departmental managers and others. As you go through the audit, you explain the basics of that person’s responsibilities with respect to ISO 9001. You can also explain the basics of ISO 9001, go over the Quality Policy, etc.
• These internal audits may prove to be long and problematic. This should be expected because employees are all learning about ISO 9001 and the requirements. Sometimes they’re learning new systems and such as well.
• You may want to take a read through https://elsmar.com/Audit/
The Internal Audit
The Systematic Investigation
of the Intent, Implementation, and Effectiveness
of Selected Aspects of the Systems
of an Organization
or One or More of It’s Departments
A Typical Audit Process
Internal Audit Goal
To Collect
Objective Evidence
To Permit An
Informed Judgment
About The
Status and Effectiveness
Of The Systems Audited
Objective Evidence
• It exists
• Not influenced by emotion or prejudice
• Based on observation
• Verbal or documented
• Verifiable
• May be quantitative
• Within the systems being audited
Many Requirements
QS/ISO 9001
Contract Requirements
Company System Requirements
(Policy, Procedures, Instructions)
OSHA
EPA
Federal and State Regulatory
Internal Audits
Schedule Example
Outsourcing Internal Audits
• Many smaller companies outsource internal audits.
• Many large companies have a distinct department which carries out internal audits at facilities world-wide.
• There are a number of possible failure modes in internal auditing. You will have to make your own decision. My opinion is to outsource internal audits.
• Details are discussed in two threads:
° https://elsmar.com/ubb/Forum13/HTML/000041.html
° https://elsmar.com/ubb/Forum2/HTML/000123.html
Project Fulfillment
Enter The Registrar
The Registrar’s Document Review
• Prior to a pre-assessment, your registrar will want to review your documentation. Typically, they want your Systems Manual (Quality Manual) and a copy of your level II documents. However, some registrars only require your quality manual. ASK them specifically what they want submitted for review.
• You should not let the registrar wait to ‘the last minute’ do a document review. I often see this done. The client gets the review back at or just prior to the pre-assessment. Folks, this does not allow you any time to deal with any problems if any are encountered during the review. Try to get your review done 6 weeks or more prior to pre-assessment.
Pre-Assessment Audit
• Some registrars require a pre-assessment. Some do not.
• A pre-assessment is a valuable tool. Your relationship with your registrar is going to be an intimate one. Interpretation of the requirements with respect to your company and ‘the intent’ is a big factor in a registration. During this visit you will ‘get to know’ your registrar.
• The man-days for the pre-assessment are typically about 1/3 or less than for the registration audit.
• The pre-assessment is, like the registration audit, a sample. Everything will not be looked at.
Assessment Audit
• This is the fun audit! This is where everyone is fair game. Not much else I can say.
• This is, like all audits, a sample. But it is a big sample. They look at a representative sample of each system.
• The following slides tell you what to expect.
Reasons For Third Party Audits
• Everyone is familiar with the idea of audits. One place we are all aware of audits is in the banking industry. For years, the government has required banks to submit to periodic audits by government agencies and/or external companies who specialize in auditing. Few people want to put their money in a bank where there are no controls such as periodic audits. If there are no audits, you have no way of knowing if your bank is using your money well. If the bank is not ‘using your money well’ the bank could easily fail - then you could lose all of your money.
• Audits in other service industries and in manufacturing industries are not new. Customer audits have been going on for years. But only recently has the idea of third party audits become reality. This is in large part due to the adoption in Europe of ISO 9001 and other international standards.
Reasons For Third Party Audits 2
• The intent of third party audits is to provide assurance that a company complies with a standard or specification.
• Many people say that third party audits will eliminate customer audits. This has not been the case up to now in part because customers still see the need to ensure compliance to their specific requirements. Even QS-9000 (now IATF 16949) , specific to Ford, GM and Chrysler suppliers, does not eliminate customer audits.
What is an Auditor?
• An auditor is a person. Their job is to validate documentation. This means they look at documentation (instructions) and make sure people are following the documentation.• Auditors go from company to company validating documentation.
• Auditors are just people who ask questions about how you do your job.
Auditors Are Not!!!
• Inquisitors
• Fault Finders
• Rock Throwers
• Avenging Angels (Biased For or Against)
• Dishonest
• Overactive
What Will The Auditors Do?
• The auditors will look at written procedures and policies (verification).
• The auditors will then look at and ask how people in the company do things. They will look to make sure each person is following written procedures and policies (systems / process validation).
• They will look at records to ensure everyone is properly completing paperwork (examples would be process related documentation and SPC charts).
• They will look to make sure everyone is properly trained to do their job.
Who Will Be Audited?
• Absolutely Everyone whose job affects quality (almost everyone’s job does in some way) is subject to the audit.
• And the farther up the corporate tree you go, the more difficult the audit is. This is because as you go up the tree (eventually to the CEO), job duties and responsibilities increase.
° Corporate Personnel
° Plant Manager
° Departmental managers
° Supervisors
° Engineers
° Technical personnel
° Associates
The Audit Team
• When you are visited by an auditor, he/she will NOT be alone. At the very minimum, there will be:
° The Auditor
° A Company Escort - This will be someone from within the company who knows the area and the specification well. The escort will try to provide structure to the audit and will try to help out when he/she can. Often this will be the management representative.
° The Area Supervisor and/or Manager - The area supervisor or other person directly responsible for the area will be present.
• Remember - YOU ARE NOT ALONE!
Types of Audits
Internal Audit
An audit of internal systems and/or procedures. An internal audit is most often performed by people how directly work for the company. Many companies hire outside firms (see third party below) to perform the audits.
External Audit
Second Party - Customer Audits
• Customer audits are those where a customer (or a customer representative) performs the audit. A customer audit is not ‘objective’ because the customer is intimately involved with your company (the supplier to the customer). This involvement can BIAS the audit.
‘ Third Party’ Audits
• Third party audits are like those you think of when you think of bank audits. Banks (and other financial institutions) must hire a company or person to audit their books and procedures. The company or person hired to do the audit cannot have an ‘interest’ in the business it is auditing. This is known as an ‘Independent Audit’. Your registrar audit is a third party audit.
What Will Happen If...
• If an auditor finds a problem, s/he will let the person being audited know immediately that a possible problem may exist. In NO case will the auditor ‘find a problem’ and not discuss it with the auditee ‘on the spot’. They always tell the auditee the suspected problem. Many registrars (registrars do *NOT ALWAYS* require this) will ask the auditee (or other company official present) to sign a statement of fact of what was found (statement of objective evidence). The auditee should know that signing the statement is NOT an admission of a problem. It is an agreement of facts found. Whether or not it is a problem is discussed during end-of-day and final review meetings.
• If an auditor leaves your area and says nothing about a possible problem, you can be sure no problem(s) were found. Auditors do NOT report findings to management without discussing it with the personnel involved FIRST. There are no tricks. Nothing is ‘hidden’ until later.
Things to Know
• Know what documentation affects YOU!
° You must know what documentation applies to your job. This should have been told to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
• You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
• You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
• Know what training you have had. If you do not know, ASK YOUR MANAGER NOW! Don’t wait until the audit!
Things to Do
• Listen closely before answering any question(s). If you are not sure you understand the question, ask the auditor to repeat it. If you still do not understand the question, tell the auditor you do not understand it. The auditor will try to better explain him/herself. Never answer a question you do not understand!
• Never say “Sometimes I....”. When you do something differently because of different circumstances, explain that “When ------ happens, I...., and when +++++ happens, I ....”. Be specific.
• Always tell the Truth. Don’t ever try to hide something. You may think you are helping someone - you are not. One lie can destroy confidence. Just like in a marriage, if one spouse lies to the other and the other finds out, the relationship may be in real danger. One lie could ruin the entire audit.
• Be patient. Wait for the auditor to ask a question.
Things NOT to Do
• If you do not know the answer to a question, tell the auditor that you do not know the answer. Don’t attempt to ‘fake it’. If the auditor tries to explain again and you still do not understand the question, tell him/her again that you do not understand the question. The Escort will attempt to help if this happens.
• Do NOT try to answer a question for another person. (often registrars will *test* people for this) If the question is not about the job you are doing and you know who does that job, tell the auditor who they should ask if you know.
• Do NOT try to answer a question about another job. The only question an auditor is supposed to ask is about YOUR job. If the auditor asks you a question about someone else’s job, you should answer “That is not my job.” The escort or the other company person with the auditor must take the lead from this point.
• Do NOT try to hide from the auditor. All the auditor wants is to ask you about your job and how to do it. You know your job. You can tell the auditor about as easily as you can tell anyone else.
General Things To Know and Do
• Auditors are NOT trying to test your memory. If you have to look something up in your documentation, tell the auditor. The auditor will then tell you whether to look up the information or not.
• Only answer the auditor’s question. Do NOT volunteer information. Do NOT try to ‘help’ the auditor with additional information.
• Answer with the shortest, simplest answer you can think of. If you can answer with a Yes or No, that’s all you should do.
• Don’t try to explain things beyond the question asked. The auditor will ask questions to help him/her understand. Your job is to only answer questions asked.
• Do not tell stories or speculate what ‘may’ happen.
• Right NOW!!! If there is any documentation which you are using that you think or know is not correct, contact your supervisor immediately!
Typical Audit Questions to Expect
• What is QS-9000 (now IATF 16949) / ISO 9001?
• What is the quality policy?
• What does the quality policy mean to you?
• What documentation do you follow? Where is it?
• How do you know you are using the most recent documentation?
• Who is the Management Representative?
• How do you know what to do? Tell me about your job and your duties.
• Do you ever have problems come up? How do you handle them?
• When you find nonconforming product, what do you do?
• What are your quality responsibilities?
• What are controlled documents?
• If your documentation says you should do something a specific way and someone else tells you to do it differently, what do you do?
• What do you do if your machine jams?
If you do not know the answer to any of these questions, talk to your supervisor SOON! DO NOT WAIT!
Supervisors Should Think About...
Work Instructions
Does Every Job Have Relevant Work Instructions?
Are Work Instructions Controlled?
Is Each Signed & Dated?
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
Equipment PMs
Are All Equipment PMs Up To Date and to a Schedule?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Is DMR Material Dispositioned in a Timely Manner?
Last Things to Think About
• Employee Training
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
• SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
• Work Areas
Are Work Areas Clean and Orderly?
• Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
QS-9000 (now IATF 16949) / ISO 9001 Reminders
• Does NOT define quality
• Is NOT a one-time process
• Is NOT easy
• Requires commitment
• Requires resources
Real Life
What QS-9000 (now IATF 16949) / ISO 9001 Means To You!
You MUST:
Know Your Job Duties
Know What Training Your Job Requires
Be Able To Tell About How You Were Trained
Know What Documentation Involves YOU!
Know How To Find Out What The ‘Latest’ Version’ Is
Know What The Documentation Says
Know How The Documentation Applies To YOU!
Know What The INTENT of the Documentation
Good Luck!


   

ADVERTISEMENT

View the Elsmar Cove Privacy Policy and Terms and Conditions