Understanding and Implementing
ISO 9001
Implementing An ISO 9001 Quality Management System
An Open Source Document
This document is an Open Source document!
Huh?
•
This means it is the result of the input of may people and resources.
•
This means YOU can and may participate. If you want something included or
have a suggestion, please let me know. You can send some slides in e-mail.
Or write me and tell me about what has not been addressed but that you believe
should be addressed. If your suggestion is incorporated into the document
you will be given credit in the document. You will get updates for free as
long as the file is undergoing updates (rumour is I may die someday or decide
to do something else with my life so I can’t really use the word forever).
•
I will accept and incorporate good ‘patches’ and constructive
criticism.
•
Telling me of spelling errors doesn’t count, but will be very much appreciated.
•
This is how we do things in hackerland; it's a combination of individual visions
and collaborative synergy that makes things work. Just as it is in the Cove
forums.
Files Included in this Package
About This Document - Contents
•
This document is a ‘digest’ from many implementations I have been
involved in, information from news group snippets and forums discussions.
I have tried to make it as comprehensive as possible given the extreme range
of types and sizes of companies and their scopes of implementation. I have
also tried to address both simple and complex issues to address the needs
of the novice as well as those whose occupation is in the quality field.
•
If you are the owner or manager of a small company, you may have heard about
ISO 9000. Maybe not. Either way, if you have 10 people or less you probably
don’t have anyone with a quality assurance background. On the other
hand, if there are 20,000 employees in your company you probably have a quality
background which is why you’re here.
•
For small companies where there is no one with a quality background implementation
can appear to be overwhelming. It’s not that ISO is so difficult. It’s
that if you don’t have a good understanding of some of the quality related
concepts, such as nonconformance and corrective action systems, it becomes
much like taking up a new occupation (after how many years?) or learning a
new language.
Sample Flow Charts
There are several resources included.
These are each different sets of flow charts.
°
One is a directory of gifs which you can open with your picture editor. Sample_Flow_Charts-jpg_Format
is the directory name.
°
Map_Examples is a directory with some linked flow charts. Open the file index.html
with your browser.
°
The file Flow_Charts.ppt has a number of more current flow charts examples
(ideas!).
°
The file Flowcharting.pdf contains some help on how to make a flow chart.
Major flow charts have details on system requirements.
Introduction
The Purpose of this Presentation is to Provide an Overview of ISO 9000 and
to discuss Implementation Methodologies
Implementation Considerations
•
You are not the first. Over 345,000 organizations have registered to ISO 9000
by early 2001.
•
A main point to remember as you traverse this tome is that each company is
different. There is no way I can address every possible type and size of company.
The contents represent the basis of a methodology I have used over the last
8 years in implementing ISO 9001 and QS-9000 (now IATF 16949) in facilities as large as 10,000
souls, as small as 8 persons, in companies as large and complex as Motorola,
as ‘unusual’ as Harley-Davidson, and as unique as an insurance
company. The methodology is structured. Very structured. How closely you follow
the path will depend upon your specific circumstances and needs as well as
your own beliefs. Some companies go slowly. Some companies do not want a complex
project plan. Some companies insist on a complex project plan. But, more on
this later.
•
As much as anything else, you will have to assess my recommendations with
consideration to your circumstances.
Quality Systems
ISO 9000 Family of Documents
ISO9001 DIS Structure
ISO 9001 Vs Baldrige
Malcolm Baldrige National Quality Award Criteria Circa 4/2001
1. Leadership
°
Organizational Leadership
°
Public Responsibility and Citizenship
2. Strategic Planning
°
Strategy Development
°
Strategy Deployment
3. Customer and Market Focus
°
Customer and Market Knowledge
°
Customer Relationships and Satisfaction
4. Information and Analysis
°
Measurement and Analysis of Organizational Performance
°
Information Management
ISO 9000
The Ultimate Goals of ISO 9001 are:
1. To Provide Consistent Processes
(Documented Systems Provide For Consistency)
With Defined RESPONSIBILITIES
2. Customer Satisfaction
3. Continuous Improvement
Periodic Audits Ensure Systems Are Working
Where Did It Come From?
Liability
By defining practices, Liability is addressed. In fact, the whole ISO 900X series
is the reaction to a need to assign
Responsibility
For international trade issues involved in bringing the continent together into
the ‘European Union’. The foundation drifted to be a ‘quality
standard’.
Liability
•
The ISO 9000 series is a vehicle to address liability issues
•
Driver was the European Common Market
•
Is relevant locally and world wide
Origins
ISO 9001 and Quality
•
ISO 9001 Has Nothing To Do With the Quality of a Product or Service
Cement Life Preserver
The Classic Example
•
The year 2000 version of ISO 9001 carries a revised title, which no longer includes
the term Quality Assurance. This reflects the fact that the quality management
system requirements specified in this edition of ISO 9001 address quality assurance
of product as well as customer satisfaction.
•
See https://elsmar.com/ubb/Forum5/HTML/000063.html
•
Conformance to Specifications
•
Consistency of Processes
The Main ISO 900x Documents
•
ISO 9000
NEW: Quality Management Systems - Fundamentals and Vocabulary
OLD: Replaces the old ISO 8402:1994
•
ISO 9001
NEW: Quality Management Systems - Requirements
OLD: Quality Systems - Model for Quality Assurance in Design, Development, Production,
Installation and Servicing
•
ISO 9004
NEW: Quality Management Systems - Guidelines for Performance Improvement
OLD: Quality Management and Quality System Elements - Guidelines
The Stated Intent of ISO 9001
0 INTRODUCTION
0.1 General
This International Standard specifies requirements for a quality management system
that can be used by an organization to address customer satisfaction, by meeting
customer and applicable regulatory requirements. It can also be used by internal
and external parties, including certification bodies, to assess the organization's
ability to meet customer and regulatory requirements.
The adoption of a quality management system needs to be a strategic decision
of the organization. The design and implementation of an organization's quality
management system is influenced by varying needs, particular objectives, the
products provided, the processes employed and the size and structure of the organization.
It is not the purpose of this International Standard to imply uniformity in the
structure of quality management systems or uniformity of documentation.
It is emphasized that the quality management system requirements specified in
this International Standard are complementary to technical requirements for products.
Differences In Sectors
1.2 Permissible exclusions
The organization may only exclude quality management system requirements that
neither affect the organization's ability, nor absolve it from its responsibility,
to provide product that meets customer and applicable regulatory requirements.
These exclusions are limited to those requirements within clause 7 (see also
5.5.5), and may be due to the following:
(a) the nature of the organization's product;
(b) customer requirements;
(c) applicable regulatory requirements.
Where permissible exclusions are exceeded, conformity to this International Standard
should not be claimed. This includes situations where the fulfillment of regulatory
requirements permits exclusions that exceed those allowed by this International
Standard.
Service As A Product
3.1 - product - result of a process
NOTE 1: There are four agreed generic product categories:
- hardware,
- software,
- services,
- processed materials.
Most products are combinations of some of the four generic product categories.
Whether the combined product is then called hardware, processed material, software
or service depends on the dominant element.
Why Do It?
•
I’ll bet either a customer requirement or your sales / marketing folks
dreamed this up for you to do, right? Almost all implementations are the result
of one or the other. I have never had a client which simply decided to do it
because they felt doing so would be beneficial to the company. This is not to
say improvement is not an issue. It almost always very much is. But that has
never been the spark that initiated the process.
•
Many of you know I’m not a proponent of registration per se. For some companies
it is a good thing. They lack the internal discipline necessary to ensure people
are doing what they are supposed to be doing.
•
I am a gung ho proponent of the implementation process. In the very least, it
necessitates a serious housekeeping effort. The process typically opens everyone’s
eyes to what they are doing and why. Often I refer to the early stages of implementation
as the Discovery Phase. I cannot tell you how many times I have heard “I
didn’t know we were doing that!” Sometimes it’s scary thinking
how far in the dark some people are in so far as knowing and understanding what
they’re supposed to be doing goes. Which is pretty far. I have never seen
an implementation which did not benefit the company in some way.
Why Do It?
•
Process Improvements
°
Theoretically, as you implement the system, you have the opportunity to improve
your processes. You will outline the current process, add the requirements of
the standard and then optimize the process with input from the process users.
•
Increased Quality Awareness
°
Theoretically, as the system is implemented, quality awareness will increase
because all staff must be trained on ISO 9000, staff must be trained on processes
as they are implemented and staff will have "ownership" of processes
they are involved in developing and improving.
Project Duration
How long will it take?
°
An implementation project will typically take about 6 to 9 months, but will range
from 3 to 20 months.
°
Factors that will affect the timeline include:
∞
Size and complexity of the organization.
∞
Existing systems
∞
How much existing documentation is available which can be used.
∞
Amount of resources available for the project
∞
ISO expertise available.
Simple Schedule
Typical Costs
Payback
•
Companies minimize deficiencies in supply and support of products and services.
•
Companies identify problem areas and address them quicker.
•
Companies identify customer needs more accurately.
•
Companies become more consistent in their product and services.
Who’s Doing It & General Issues
The ISO organization publishes a yearly assessment of the ISO 9001 distribution.
°
ISO9K-8thCycleSurvey.pdf (through December 1998)
°
ISO9K-9thCycleSurvey.pdf (through December 1999)
The Magical Demystifying Tour of ISO 9000 and ISO 14000
°
http://www.iso.ch/9000e/magical.htm
A Quality Management System?
System vs. Process
•
System
Pronunciation sI stEm
Definition A group of related things or parts that function together as a whole.
Example The school system in our city.
•
Process
Pronunciation pra sehs
Definition A systematic sequence of actions used to produce something or achieve
an end.
Example An assembly-line process.
What is a System?
•
Collection of interacting parts functioning as a whole.
•
Collection of subsystems that support the larger system.
•
Collection of processes oriented toward a common goal.
•
The organization as a system.
Trade Relationships
The Organization as a System, Subsystems, and Processes
Systems and Subsystems
Organization As An Extended System
Organization As An Extended System
Extending Outside the Organization
An Extended System
Measures In The Extended System
Quality Through Process Improvement
What is a Process?
•
A series of operations or steps that results in a product or service.
•
A set of causes and conditions that work together to transform inputs into an
output.
Examples of Processes
Significant and Critical Processes
•
Significant Processes
°
Are processes by which the mission-essential work of the organization is accomplished.
°
Contribute directly to meeting the needs and requirements of customers.
°
Can be traced from output (to external customer) back to input (to the organization).
•
Critical Processes
°
A stage within a significant process.
°
One that is deemed as most important for control and improvement.
Special Characteristics
With Regard to QS-9000 (now IATF 16949)
•
The AIAG defines a Special Product Characteristic as a product characteristic
for which reasonably anticipated variation could significantly affect a product’s
safety or compliance with governmental standards or regulations, or is likely
to significantly affect customer satisfaction with a product. Ford Motor Company
divides Special Characteristics into two categories: Critical Characteristics
and Significant Characteristics
•
Critical Characteristics are defined by Ford as product or process requirements
that affect compliance with government regulation or safe product function, and
which require special actions or controls. In a design FMEA, they are considered
Potential Critical Characteristics. A Potential Critical Characteristic exists
for any Severity rating greater than or equal to 9. In the process FMEA, they
are referred to as Actual Critical Characteristics. Any characteristic with a
Severity of 9 or 10 which requires a special control to ensure detection is a
Critical Characteristic. Examples of product or process requirements that could
be Critical Characteristics include dimensions, specifications, tests, assembly
sequences, tooling, joints, torques, welds, attachments, and component usages.
Special actions or controls necessary to meet these requirements may involve
manufacturing, assembly, a supplier, shipping, monitoring, or inspection.
Characteristics I
•
CHARACTERISTIC: A distinguishing feature, dimension or property of a process
or its output (product) on which variable or attribute data can be collected.
(P39 APQP)
•
CHARACTERISTIC, CRITICAL, CHRYSLER DEFINITION: Characteristics applicable to
a component, material, assembly, or vehicle assembly operation which are designated
by Chrysler Corporation Engineering as being critical to part function and having
particular quality, reliability and/or durability significance. These include
characteristics identified by the shield, pentagon, and diamond. (49 PPAP)
•
CHARACTERISTIC, CRITICAL (INVERTED DELTA), FORD DEFINITION: Those product requirements
(dimensions, performance tests) or process parameters that can affect compliance
with government regulations or safe vehicle/product function, and which require
specific supplier, assembly, shipping, or monitoring and included on Control
Plans. (P49 PPAP)
•
CHARACTERISTIC, CRITICAL, GM DEFINITION: See Key Product Characteristic. (P49
PPAP)
•
CHARACTERISTIC, KEY CONTROL (KCCs): Those process parameters for which variation
must be controlled around a target value to ensure that a significant characteristic
is maintained at its target value. KCCs require ongoing monitoring per an approved
Control Plan and should be considered as candidates for process improvement.
(P49 PPAP)
•
CHARACTERISTIC, KEY PRODUCT (KPC): Those product features that affect subsequent
operations, product function, or customer satisfaction. KPCs are established
by the customer engineer, quality representative, and supplier personnel from
a review of the Design and Process FMEA’s and must be included in the Control
Plan. Any KPCs included in customer-released engineering requirements are provided
as a starting point and do not affect the supplier’s responsibility to
review all aspects of the design, manufacturing process, and customer application
and to determine additional KPCs. (P49 PPAP)
Characteristics II
•
CHARACTERISTIC, PROCESS: Core team identified process variables (input variables)
that have a cause and effect relationship with the identified Product Characteristic(s)
which can only be measured at the time of occurrence. (6.3 #20 APQP)
•
CHARACTERISTIC, PRODUCT: Features or properties of a part, component or assembly
that are described on drawings or other primary engineering information. (6.3
#19 APQP)
•
CHARACTERISTIC, PRODUCT, CRITICAL (D), CHRYSLER DEFINITION: A defect which is
critical to part function and having particular quality, reliability, and durability
significance. (QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, PRODUCT, MAJOR, CHRYSLER DEFINITION: A defect not critical to
function, but which could materially reduce the expected performance of a product,
unfavorably affect customer satisfaction, or reduce production efficiency. (QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, PRODUCT, MINOR, CHRYSLER DEFINITION: A defect, not classified
as critical or major, which reflects a deterioration from established standards.
(QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, PRODUCT, SAFETY/EMISSION/NOISE (S), CHRYSLER DEFINITION: A defect
which will affect compliance with Chrysler Corporation and Government Vehicle
Safety/Emission/Noise requirements. (QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION “Shield <S>: Specifications
of a component, material, assembly or vehicle assembly operation which require
special manufacturing control to assure compliance with Chrysler Corporation
and government vehicle safety requirements. (QS-9000 (now IATF 16949) )
Characteristics III
•
CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION: Specifications which require special
manufacturing control to assure compliance with Chrysler or government vehicle
safety requirements. (P50 PPAP)
•
CHARACTERISTIC, SIGNIFICANT, CHRYSLER DEFINITION: Special characteristics selected
by the supplier through knowledge of the product and process. (QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, SPECIAL: Product and process characteristics designated by the
customer, including governmental regulatory and safety, and/or selected by the
supplier through knowledge of the product and process. (P104 APQP)
•
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>:
Specifications of a component, material, assembly or vehicle assembly operation
which are designated by Chrysler as being critical to function and having particular
quality, reliability and durability significance. (QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>:
Specific critical characteristics that are process driven (controlled) and therefore
require SPC to measure process stability, capability, and control for the life
of the part. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Pentagon” <P>:
Limited to highlighting Critical characteristics on (Production) part drawings,
tools and fixture, and tooling aid procedures where ongoing process control is
not automatically mandated. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Shield” <S>:
Engineering designated specifications or product requirements applicable to component
material, assembly operation(s) which require special manufacturing control to
assure compliance with governmental vehicle safety, emissions, noise, or theft
prevention requirements. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
Characteristics IV
•
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Critical Characteristic” <Inverted
Delta>: Those product requirements (Dimensions, Specifications, Tests) or
process parameters which can affect compliance with government regulations or
safe Vehicle/Product Function and which require specific producer, assembly,
shipping or monitoring actions and inclusion on the Control Plan. (Appendix C
QS-9000 (now IATF 16949) ) & (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant Characteristic -
SC” <None>: Those product, process, and test requirements that are
important to customer satisfaction and for which quality planning actions shall
be included in the Control Plan. (Appendix C QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant/Characteristic -
S/C” <None>: Characteristics that are important to the customer and
that must be included on the Control Plan. (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, GM DEFINITION “Fit/Function” <F/F>:
Product characteristic for which reasonably anticipated variation is likely to
significantly affect customer satisfaction with a product (other than S/C) such
as its fits, function, mounting or appearance, or the ability to process or build
the product. (Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S/C>:
Product characteristic for which reasonably anticipated variation could significantly
affect customer the product’s safety or its compliance with government
regulations (such as: flammability, occupant protection, steering control, braking,
etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix
C QS-9000 (now IATF 16949) )
•
CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S>:
Product characteristic for which reasonably anticipated variation could significantly
affect customer the product’s safety or its compliance with government
regulations (such as: flammability, occupant protection, steering control, braking,
etc. . .), emissions, noise, radio frequency interference, etc. . . (Appendix
C APQP)
Characteristics V
•
CHARACTERISTIC, SPECIAL, GM DEFINITION “Standard” <None>: Product
characteristic for which reasonably anticipated variation is unlikely to significantly
affect a product’s safety, compliance with governmental regulations, fit/function.
(Appendix C QS-9000 (now IATF 16949) ) & (Appendix C APQP)
•
CHARACTERISTIC, SPECIAL, PROCESS (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A
process characteristic for which variation must be controlled to some target
value to ensure that variation in a special product characteristic is maintained
to its target value during manufacturing and assembly. (P57 FMEA)
•
CHARACTERISTIC, SPECIAL, PRODUCT: Core team compilation of important product
characteristics from all sources. All Special Characteristics must be listed
on the Control Plan. (6.3 #19 APQP)
•
CHARACTERISTIC, SPECIAL, PRODUCT (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT): A
product characteristic for which reasonably anticipated variation could significantly
affect a product’s safety or compliance with governmental standards or
regulations, or is likely to significantly affect customer satisfaction with
a product. (P55 FMEA)
•
CHARACTERISTIC, SPECIAL, TOOLING, CHRYSLER DEFINITION “Pentagon” <P>:
Critical tooling symbol used to identify special characteristics of fixtures,
gages, developmental parts, and initial product parts. (QS-9000 (now IATF 16949) )
•
CONTROL ITEM PART, FORD DEFINITION: Product drawings/specifications containing
Critical Characteristics. Ford Design and Quality Engineering approval is required
for changes to Control Item FMEA’s and Control Plans. (QS-9000 (now IATF 16949) )
Critical Characteristics Matrix
What Is A Quality Management System?
•
In the Words of the ISO Folks:
°
“Both ISO 9000 and ISO 14000 are known as generic management system standards.”
°
“Generic means that the same standards can be applied to any organization,
large or small, whatever its product – including whether its ‘product’’ is
actually a service – in any sector of activity, and whether it is a business
enterprise, a public administration, or a government department.”
•
What this amounts to is the ISO 9001 requirements are what the ISO folks have
determined to be ‘Best Practices’ in a business. The ISO folks comment
that these are “…now available to small companies…”.
I contend they always have been and, in fact, most of my smaller clients had
well established systems which functioned quite well to begin with. It’s
hard to say that their ISO registration process was particularly value added.
As with the vast majority of companies, they were required by one or more customer(s)
to register. Or the sales folks saw registration as a potential for increased
sales (everyone’s doing it).
What is a QMS?
Are we talking about ISO 9001 or QS-9000 (now IATF 16949) or what, here?
To start out, let’s discuss what you are planning to do. Throughout this
document you will see ISO 9001 and QS-9000 (now IATF 16949) cited. We are, at the bottom level,
talking a System. With respect to ISO 9001 (and QS-9000 (now IATF 16949) and TS 16949 for that
matter) it is called a Quality Management System. With the ISO 9001 release,
page vi defines it in a diagram. Below is the version from the DIS. ISO 14001
requires an Environmental Management System.
ISO 9001 QMS ‘Process Model’
ISO 9001 QMS ‘Process Model’
One of the interesting parts of this system is Continuous Improvement of the
Quality Management System is specified as the result. Not improvement of the
product. One can argue if you improve you quality system the product should improve
as well. However, this is just not always the case.
ISO 14001:1996 EMS ‘Process Model’
The below is from page vi of ISO 14001:1996.
Notice it is not drawn as a closed loop system as is the ISO 9001 system.
The ISO Standards
ISO 9000:2000 Quality management systems – Fundamentals and vocabulary
Establishes a starting point for understanding the standards and defines the
fundamental terms and definitions used in the ISO 9000 family which you need
to avoid misunderstandings in their use.
ISO 9001 Quality management systems – Requirements
This is the requirement standard you use to assess your ability to meet customer
and applicable regulatory requirements and thereby address customer satisfaction.
ISO 9004:2000 Quality management systems – Guidelines for performance improvements
This guideline standard provides guidance for continual improvement of your quality
management system to benefit all parties through sustained customer satisfaction.
ISO 19011 Guidelines on Quality and/or Environmental Management Systems Auditing
(currently under development)
Provides you with guidelines for verifying the system's ability to achieve defined
quality objectives. You can use this standard internally or for auditing your
suppliers.
ISO 10005:1995 Quality management – Guidelines for quality plans
Provides guidelines to assist in the preparation, review, acceptance and revision
of quality plans.
ISO 10006:1997 Quality management – Guidelines to quality in project management
Guidelines to help you ensure the quality of both the project processes and the
project products.
ISO 10007:1995 Quality management – Guidelines for configuration management
Guidelines to ensure that a complex product continues to function when components
are changed individually.
Required Level II Flow Charts (Procedures)
4.2.3 Control of Documents
4.2.4 Control of Quality Records
8.2.2 Internal Audit
8.3 Control of Nonconformity
8.5.2 Corrective Action
8.5.3 Preventive Action
Some Other Expected Process Maps
°
Product ID / Traceability ( 7.5.2)
°
Customer Property (7.5.4)
°
Preservation of Product (7.5.5)
°
Validation of Processes (7.5.2)
°
Process Measurement / Monitoring (8.2.3)
°
Product Measurement / Monitoring (8.2.4)
°
Analysis / Improvement (8.4, 8.5)
•
Some of you will be implementing in small companies. Some of you will be implementing
in very large companies. In this document there is a mix of information. Some
is appropriate to larger companies and some is targeted to smaller companies.
In general it should be obvious but the rule of thumb is the bigger the company
the more complex the issues become. Multi-nationals are the most complex, as
one would expect.
•
While this presentation is aimed at ISO 9001, it applies to ISO 14001 and QS-9000 (now IATF 16949)
as well, for the most part. There are a number of additional issues associated
with QS-9000 (now IATF 16949) , however in general the intent is the same in so far as the ISO
9001:1994 requirements basis. Implementing ISO 9001 vs. QS-9000 (now IATF 16949) is no different.
From sweeps to document mapping, you have to determine what you have, what you
need and how you want to get to the finish line.
•
Do not forget that implementing a QMS is a project.
The Fed Ex Registration
Food for thought… Discussion at: https://elsmar.com/ubb/Forum2/HTML/000078.html
Subject: RE: ISO 9001 Certified Virtual Office
Just as a point of clarification, the Fed-Ex audit approach was an exception
to the rule. You are correct in stating that registrars need to follow rules
for multi-site sampling. In this unique case, the RAB did approve the unusual
approach used by the registrar. The exception was approved due to the unique
design of Fed-Ex's systems. It is unlikely that another organization will duplicate
these systems. Therefore, we should not expect to see this unique audit approach
used for other organizations.
Indeed it was a virtual audit because hundreds of field offices were audited
without the auditor physically being there. My agreement of confidentiality does
not allow me to share more with you. Unless you fully understand how the Fed-Ex
systems is set up, it is difficult to see that conducting a virtual audit is
possible. It remains a controversial certification because of the approach used
and the fact that it has not yet been used at another organization.
A Consultant?
Basic Reasons To Consider A Consultant
•
To help plan your project
°
An efficient implementation begins with a solid plan, taking into account those
things you need to work on, leaving out those things which are already in place,
and developing an accurate estimate of how long each implementation phase should
take.
•
To help interpret the standard
°
A consultant who understands the standard's requirements can prevent wasted time
doing things the standard does not require, or doing things in a way that does
not meet the standard. You do not want to have to undo any of your hard work.
•
To allow you to benefit from experience
°
Using a consultant allows you to begin work right away without having to learn
things on your own, and without having to learn by your mistakes.
•
To watch your timeline
°
A consultant can work with your steering team and ISO point teams and make sure
the work is done within the time allowed on the timeline.
Role of Consultant - Piano Teacher?
•
‘Full Service’
On-site full-time for the duration of the project. Various roles & Responsibilities.
•
Visits - As Required
Track progress through interviews (meetings) and ‘internal audits’.
Address interpretations issues. Help with systems design.
•
Internet / Phone
Verify systems documents
Discuss interpretations and systems
Answer general questions
NOTES: Training can be applied to any of the above but is on-site.
Internet / Phone is always available
Deliverables
•
Dependent Upon The Client’s Needs and Expectations
•
Must Be Agreed To In Advance
•
May Change During Project
•
May Include:
Project Management
Systems Design
Systems Documentation
Training
Internal Auditing
Implementation Guarantees
•
Some companies offer ‘guarantees’. Consider the details / requirements
carefully.
•
Typical Disclaimer Example
“
The ISO 9001 Network guarantees that your company will achieve ISO 9001, QS-9000 (now IATF 16949) ,
or ISO 14000 certification if you follow our program.” - From http://www.isonet.com/Gaurantee.htm
(sic)
•
The time it takes to implement a system is inversely proportional to the company’s
involvement and prioritization. As involvement and/or priority increases, time
decreases. Pretty much a ‘no brainer’.
Example Guarantee Program
8-Step Guaranteed Registration Plan
PIC has now designed a cost effective training and consulting package to help
your organization achieve registration -- GUARANTEED!
Our philosophy is to assist your company in developing and applying the skills
necessary to plan, implement and achieve registration.
Our 8-Step Guaranteed Registration Plan includes:
1. ISO/QS-9000 (now IATF 16949) Introduction Seminar - Training
2. ISO/QS-9000 (now IATF 16949) Awareness Sessions - Training
3. ISO/QS-9000 (now IATF 16949) Needs Assessment - Consulting
4. ISO/QS-9000 (now IATF 16949) Implementation/Documentation - Training
5. ISO/QS-9000 (now IATF 16949) System Development, Consulting, Coaching, Training
6. Choosing a Registrar - Consulting
7. Part A: ISO/QS-9000 (now IATF 16949) Internal Auditor Training
Part B: Internal Auditor Site Coaching - Training
8. Part A: Pre-Assessment Audit - Consulting
Part B: Registration Audit - Consulting
A Consultant? Some Last Thoughts...
1. Prepare a statement outlining the nature, scope and objectives of the assignment.
2. Circulate this written statement to the key people in your organization inviting
them to comment by a specific date in terms of whether it defines the need accurately
and whether the assignment should be tackled internally or external help sought.
3. Define the expertise you will need.
4. Invite the consultant for an interview.
5. Brief the staff who will be involved in the selection process.
6. Avoid organization jargon.
7. Ask the consultant to describe how the assignment will be approached.
8. Request references, in confidence, to provide real examples of previous assignments
carried out and check with the referees how successfully the assignment was carried
out. Do not buy on price alone.
9. Express the assignment you wish carried out in terms of the end results, i.e.
outputs, that you want to achieve.
10. IF YOU PROCEED… Provide resources and executive commitment. There is
no point in seeking consultancy help unless you have the will, the resources
and the organization resolve to follow the advice you get.
Implementation - The Process
Implementation Strategies
•
Compressed Project
Drop Dead Date
High Priority Project Management Approach
Intimate high level management involvement
Regular Scheduled Meetings
•
Business As Usual
Low stress
Low Priority Project Management Approach
Slipping schedule not critical
Irregular Meetings
•
Meandering
Slipping schedule not important
Low level management support / involvement
Irregular meetings
Project tends to ‘Fade Away’
Project Scope Considerations
•
Single Location
Current company / facility status
Scope of registration
Training needs
Implementation strategy
Resource allotment
•
Multiple Locations
Single or shared certificate
Degree of shared documentation
Degree of shared data / information systems
Network Capacity / Capability
NOTE: Single location considerations all apply to multiple location projects.
Implementation Commandments
•
You cannot give someone a responsibility without publicly conferring authority
to act.
•
If top management doesn’t care, no one else will care.
•
If planned meetings are not attended, ‘someone’ isn’t serious
about their part in the project.
•
Track the project publicly. Publicize status weekly or bi-weekly.
•
Communication may not be everything, but it is the largest single stumbling block.
No camps with walls.
•
If people do not have enough time to begin with, they won’t have time for
this.
Initial Basic Suggestions
•
I suggest you make and use a ‘history’ binder.
•
Make a list of your departmental ‘responsibilities’.
Think INPUTS and OUTPUTS
•
Prioritize each into ‘Tiers’ or ‘Levels’ in accordance
with the Document Pyramid herein. Categorization is approximate.
•
Make a Plan or Schedule for each.
•
Always ask, as the auditor will:
“
Does this affect the quality of our product(s)?”
‘
Standard’ General Registration Path
•
Assess your situation (Pre-assessment)
Also called Gap Analysis
•
Consultant?
•
Define a plan with time line & begin
•
Interview and choose registrar
•
Documentation processes
•
Manage transitional activities
•
Registrar document review
•
Registrar pre-assessment
•
Corrective actions
•
Registration audit
Implementation time frame: 3 months to 2 years
Top Level Project Flow
‘
Typical’ Detailed Implementation Steps Example
1 Determine Specific Requirement(s)
2 Define Time to Complete Requirement
3 Define Scope of Assessment
4 Project Set-Ups
5 Write Company Quality Systems Manual
6 Document Company Quality Policy
7 Define Documentation Systems
8 Document Master Numbering System
9 Establish Master Binders
10 Procedures History Binder
11 Project Master Binder
12 Review Status
13 Contact Registrar
14 Agree on Scope
15 Agree On Fees (Try to Bargain)
16 Agree On Audit Date(s)
17 Submit Required Documentation
18 Review Status
19 Awareness & Information Meetings - Hourly
20 ISO 9000 Awareness
21 Work Instructions & Documentation
22 Auditee Training
23 Awareness Reinforcement
24 Review Status
25 Tier 2 (Systems) Documentation
26 Gather Documentation Examples
27 Cross-Area Teams Define & Flow Chart Master Systems
28 Systemic Needs Analysis (Data From Walk-Thrus & Audits)
29 Determine & Integrate Additional Systems Requirements
30 Systems Procedural Documentation & Flow Chart Integration
Project Definition
Defining Responsibilities
Example Organizational Chart
Before you do anything else, be sure you have defined responsibilities from the
top down. This is the typical method - An Organizational Chart.
Top Management
•
ISO talks about 'Top Management'. Pundits talk about how ISO can only succeed
if 'Top Management' is involved. Just who is Top Management?
•
In your registration it will depend upon your company. I have argued that top
management support is not always necessary for an implementation to succeed.
In fact, often the 'real' top management of a company is hardly, if at all, involved.
This is very common in sole proprietor situations. The owner, though involved
in the business to some degree, essentially delegates all responsibility to a
plant manager or other position. The owner often never even meets the registration
auditors.
•
You have to take a good look at your company structure to determine who, in your
company or facility, will be the 'targets' (Top Management).
•
See Clause_Interp_and_Upgrading.doc for details.
Responsibilities
Let's talk about Responsibilities
•
There are a number of ways to look at defining responsibilities.
°
Organizational Charts
•
Smaller companies usually only require a single 'org chart'. I have seen some
put it right in the front of their 'quality manual'.
•
Many companies have numerous organizational charts from high level 'corporate
masters' down to the level of each individual department. In larger companies,
it should be noted, that these are typically in a state of flux. New 'positions'
are made and others are eliminated. It is important for you to note that these
are Controlled documents. A somewhat common failure mode is a loss of control
or not defining who is responsible for the control of the organizational charts.
°
Matrices
°
Procedures
Other Responsibilities
•
The following are matrices used to define responsibilities in another way. We
have discussed org charts, procedures and such, but what about people knowing
what they are responsible for knowing and following?
•
Typically this is done during employee training. But - right now we're implementing.
How do we know who is responsible for knowing about what and who is responsible
for what systems.
•
The following slides are from an old implementation, however they may serve to
illustrate tracking a large implementation project.
An Example Area ‘Element Responsibility’ Chart
Department Specific Responsibility Tracking
Typical Failure Modes
•
Can’t explain systems and/or documentation
•
Lack of management involvement
•
Personnel not following documentation
•
Poor communication and/or training
•
Lack of documentation
•
No or inadequate document control
•
Poor record keeping and systems
•
More details at http://www.Elsmar.com/failure.html
Critical Success Factors
•
Dedicated ‘Company Knowledgebase’
(Coordinator and/or Management Representative)
•
Pre-assessment (document and interview)
•
Involved, supportive top management
•
Receptive culture
•
Focus on business rather than functional areas
•
Prioritize processes based on customer needs, anticipated benefits, and potential
for success
United States - IRS Deduction Ruling
•
IRS Revenue Ruling 2000-4
Implementation costs are tax deductible in the same year.
Registration costs and registration upkeep costs are tax deductible in the same
year.
•
Internal man hours
•
Internal capital expenses
•
Consultant fees
I have seen combined implementation / registrar costs as low as US$10,000 and
as high as US$10+M.
A Plan - Think Project
Example Project Plan Snippet
Support of Upper Management?
On 2/7/01 12:31 PM in article [email protected]. worldnet.att.net,
WL at [email protected] wrote :
>>
You could bet your house on the statement "never, ever has
>>
there been an implementation of any quality system without
>>
top management's full support".
>>
>>
Many champions of change have tried, and been fired for their
>>
insubordination.
Nonsense. Many implementations do, in fact, succeed without the 'full' support
of top management. Change your statement to read "...without some support
from top management..." and I'll agree. Also see the Project Kickoff slide
herein.
A Management Committee
Most companies establish a management committee (Steering Committee) to ensure
buy-in and to ensure communication. No one likes dictates and surprises in an
implementation project.
Obviously if there are only 25 employees in your company a committee may not
make sense. However, this does not reduce the necessity to appropriately (we
must use common sense here) communicate with employees to ensure everyone has
a chance to buy into the process, provide inputs and to respond to outputs.
Project Kickoff
Many companies schedule a Kickoff Meeting to establish the project as official.
While it is typical for ‘upper management’ (the ‘top dog’)
to play a mostly invisible part in the project, the ‘top dog’ should
be at this meeting as well as other ‘upper’ and middle management
folks. The ‘top dog’ should (must?) voice his/her total support for
the project.
This is where top management personally pledges support for the project.
What Does This Mean To YOU?
•
Check your local newspaper ‘Help Wanted’ advertisements.
•
You will see ISO9000 Experience Preferred or ISO9000 Experience Required.
•
No matter where you go in the world, working in an ISO 9000 environment is a
Plus in employment.
Premise
•
Old:
The other shift must have done that.
That’s not my job.
I’m manufacturing (or quality or whatever...)
They brought it to me that way.
•
New:
Check incoming.
It is everyone’s job to Be Involved and to Care.
We’re all one company! It’s your job, too!
Communicate!
Discovery! The Sweeps!
•
Open your eyes during this Discovery Period - there are things you can’t
see.
•
Ask yourself about what your jobs are and the details of each job.
•
Self Inspection - Be aware of the output of your jobs. You are responsible.
•
Be looking for improvements at all times.
•
Remember that we are not here to blindly document everything.
Success Based Upon
•
Communication - ensure your ‘borders’, talk to your neighbors.
•
Communication - your business is a machine where many parts must ‘talk’ to
each other.
•
Communication - tell your neighbor your problems and listen to your neighbor’s
problems.
Old and New
•
Most of your audits up until now have been Product and Process audits by Customers.
•
ISO9000 is a Systems audit which focuses on all systems and all products. A significant
feature is a focus on process interactions.
Remember -- The Idea is NOT....
•
To start a lot of new documentation. Scott Adams is wrong (Dilbert). Not everything,
like handling (often), has to be documented. But - we must use common sense.
•
To change the way you do things every day.
•
To ‘Right Every Wrong’. Take the easy stuff and change it. Take the ‘Hard’ stuff
- Identify it and make a Plan to address the issue
The Basics
Say What You Do
This means document your systems so you will consistently do the job the same
way every time. We must make sure we have appropriate documentation. Use common
sense!
Do What You Say
This is what the auditors want to see. Objective evidence that what you say you
are doing in your documentation is what you are doing in practice.
Things to Know
•
Know what documentation affects YOU!
You must know what documentation applies to your job. This should have been told
to you when you were trained to do the job. If you are not sure what documentation
applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
•
You must follow all documentation that applies to you. If it says you do something
a certain way, you must do it that way.
•
You must complete all forms. If you are supposed to initial and date when you
do something, the auditors will check to ensure you complete the form the way
you are supposed to.
•
Know what training you have had. If you do not know, ASK YOUR SUPERVISOR NOW!
Don’t wait until the audit!
Organization and Friendliness
•
Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
•
Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Managers Should Think About...
•
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been
Updated By Hand?
If So, Are They Signed and Dated?
What is your company policy on white-out?
•
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
•
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Last Things to Think About
•
Employee Training - System in Process
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
•
SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
•
Work Areas
Are Work Areas Clean and Orderly?
•
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
A “War Room”
(Status and Tracking)
Discovery and Classification
Define Document Types
(Classifications)
More on Documentation
Interviewing A Registrar
Basics
•
I want to remind you that choosing a registrar is like choosing a life partner.
While it may not be ‘Until death do us part’, it is quite close.
•
The intent herein is not for every question to be asked, but rather as a sort
of check list to jog your thoughts with respect to YOUR company’s requirements.
Do remember that anything not discussed early is subject to interpretation later!
•
Some important starters:
Who (e.g.: RAB) is the registrar approved by?
Will the registrar provide client names and references?
How many Man days and how many Auditors? (Registration vs Surveillance)
How do they conduct surveillance visits? Scheduled or unscheduled?
Note: There is some redundancy of questions within this presentation.
Inform & Discuss
•
Plant Layout - Have a copy to give them for planning.
•
Number of shifts and employees per shift - What shifts will be audited? What
hours?
•
Pre-assessment Audit? - If so, Scope. I prefer the preassessment to be limited
to an in-house document and systems review (Quality Manual, all tier [level]
2’s and any related documentation). My concern is less ‘are the folks
following documentation’ than ‘is the documentation and are the systems
acceptable’ to the registrar. We can assure the folks are following documentation
internally. Note: One company I spoke with charged for a Pre-assessment whether
you had one or not. I was told that if they did not do a pre-assessment they
would have to spend more time during the registration assessment.
NOTE: Documentation failure is the most common registration failure mode.
•
DoD and other Sensitive Areas - Make sure everyone agrees on how they will address
the ‘Secret’ / ‘Top Secret’ aspects of your company’s
business. This will probably be a function of scope.
About The Auditors
•
What are the registrar’s qualifications requirements for auditors? (for
hiring or using an auditor) Are the auditors trained and certified under ISO
10011 (guidelines for auditing quality systems)?
•
How many organizations has the typical auditor certified? (Audits per year)
•
How many assessors does the registrar have?
•
What is the turnover rate for assessors in the registrar’s company? If
there is high turnover that will affect the consistency of the assessment service
they provide.
•
How are auditor substitutions handled?
•
Does the company provide training for auditors and other personnel to keep them
abreast of developments in their specific discipline? Are there training records?
Frequency of training?
•
Will he/she/they (auditor[s]) be available for an interview for your company
to assess their suitability? (I doubt you will really want to do this, but many
big companies do this.)
Questions & Thoughts 1
•
What are your requirements as a registrar above and beyond ISO9001?
Request hard copy of their ‘Contract Requirements’
Ask if there are any requirements not on their ‘Contract Requirements’ listing.
•
Are the registrar’s auditors direct hire full-time employees or are they
contract?
•
Will your company have the same Lead Auditor every audit (a Project Lead Auditor)?
NOTE: Most registrars ‘appoint’ a specific person as a project manager
(project lead auditor or what ever the registrar calls it). Ask about how the
registrar you are interviewing structures their projects.
•
Will the registrar send the Project Lead Auditor on each audit or will a substitute
be assigned for surveillance audits?
•
Will only the Lead Auditor have experience in the industry or will every member
of the audit team?
Questions & Thoughts 2
•
How far in advance do they notify you of an impending audit, and provide you
with an audit schedule. This will help you prepare for the audit easily if they
provide at least 6 weeks.
•
How many hours per day is planned during an audit? Some companies consider a
day in-plant as 6 hours saying the other time is ‘report writing’ time.
•
Ask the registrar to explain the details of their billing.
•
Are there any extra charges and tie this down in a written quote. Are travel
and lodging expenses covered by the bid? Rental car(s)? There are stories of
some companies charging extra for each non-conformance report.
•
What quality system does the registrar have in place? Request a copy of their
Quality Manual.
•
Will they provide you with their internal audit schedule and results of audits
and corrective and preventative action?
Questions & Thoughts 3
•
How long will it take them to issue you a certificate once they have recommended
you for approval?
•
How long has the registrar been in business, and do they have any European or
Far East affiliates in the registration business?
•
If you will one day be going for ISO14000, does the registrar support this standard
as well, and would they be able to combine (thereby reducing the man-days at
your site, and $s) the ISO9000 audit with the 14000 audit?
•
Who does documentation assessment and who does the audit? What is their experience
/ qualifications?
The Audits
•
How many Man Days?
Registration Audit
Surveillance Audits
•
How many weeks in advance do they provide the detailed audit schedule?
•
Is there a ‘Complete’ re-audit every three years? Or do they audit
on a ‘continuous’ basis?
•
Surveillance Audits
Frequency - Every 6 months or yearly? (Ask their thoughts)
How much is audited in each surveillance audit?
Communications
•
I want to address this briefly, but note it is very important. One registrar
I dealt with took over a month to respond to questions. A week maximum is appropriate.
I’ve seen phone calls to be returned forgotten. This area can be critical
to your company. You want a responsive registrar.
How long does it take their office to respond to questions (typically)?
If it becomes necessary to speak with the Project Lead Auditor, how is that done
and how soon after the request will the Project Lead Auditor contact your company?
Specification Interpretations
One of the biggest complaints with ISO9001 is interpretation of the standard.
Each auditor has his/her own paradigm and thus expectations. This is one of the
reasons why having the same auditors is preferred. This is also the reason why
I prefer the pre-assessment be limited to an on-site document review where the
auditors set up in offices or a conference room. There they review the Quality
Manual against the level 2’s in interviews. Level 3 documents are reviewed
and objective evidence provided as requested - however, this is all done in the
conference room, NOT on the floor. In short - Are our systems acceptable.
This type of audit is a Verification Audit as opposed to a Validation Audit which
is where they actually hit the floor. Now - the 2 big questions:
1) How are disputes with an audit finding handled? Ask them to explain their
system. (Request a copy of their procedure!)
2) How does the registrar ensure consistency of interpretations within their
company? Some companies have weekly in-house meetings, some have conference calls,
some do nothing. THIS IS IMPORTANT!!!
What’s In A Contract Anyway?
•
When you get a copy of the registrar's contract, read every word and try to imagine
the worst possible scenario. Some time back when I was casting about for a registrar,
one sent me a contract which stated the following for audit costs:
•
XXXXXX "reserves the right to increase charges during the certification
period".
•
Another said: "...approximately 45 days prior to the anniversary date of
certificate issuance, XXXXXX shall notify the client in writing of the annual
costs to maintain the certificate."
•
These appear to me to be licenses to steal. It would seem prudent to get these
things tied down in your initial contract.
•
Remember: Contract Review!
Audit Nonconformance Questions
•
How shall we be notified of non-conformancies or deficiencies?
•
What is the typical response time allowed for initial response to a nonconformance
identified during an audit:
Major nonconformance
Minor nonconformance
•
Will a nonconformance during the initial assessment require a partial or follow
up assessment to verify corrective action? If yes, what shall the cost of follow
up audits be?
NOTE: Typically if there are 1 or more MAJOR non-conformances, they have to make
a return visit. Minors are typically followed up by mail, FAX, etc.
•
Can we be recommended for certification if there are still some minor open non-conformances?
Determine details.
•
How many months of internal audit records do you require before scheduling an
audit?
Project Actions
Sweeps - The Discovery Phase
Sweeps
Where to Start - Documentation
Discovery Inventory
Identification
•
Choose a method of verifying a swept area.
•
One method I have used it to obtain some sheets of adhesive labels (we used the
small coloured dots). You might want to make sure they are ‘easy peel’ labels.
Label every drawer, shelf and other area swept ‘as you go’. Person
checking initials, dates and places the dot where it is easily seen.
Sweeping An Area - I
Things to look for:
Documents
•
Local “How To…” documents
•
Specifications
•
Prints
Forms, Tags
Measurement and Test Equipment
Where to look:
On every shelf
In every drawer
At every work station
On every wall
Under every table, desk, etc.
Sweeping An Area - II
Things to ask yourself as you look:
Documents
•
Is there a date on the document?
•
Does it appear to be ‘valid’ (current)?
•
If it is a hand written document or a company ‘memo’, is there a
name or department on it? Whose is it?
•
Is it a system document? What system?
Shelves
•
What is on the shelf? Is it garbage?
•
Is the shelf labeled? Are some shelves labeled and some not labeled? If so, why?
•
If the shelf is labeled, does what is on the shelf match the shelf label?
Some Things To Think About...
Work Instructions
•
Does Your Job Have Relevant Work Instructions? Does It Need Work Instructions?
•
Are Work Instructions Controlled?
•
Is Each Signed & Dated?
•
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
•
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been
Updated By Hand?
•
If So, Are They Signed and Dated?
Measurement & Test Equipment
•
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Equipment Preventive Maintenance
•
Are All Equipment PMs Up To Date and to a Schedule?
More(!) Things to Think About
Defective Material
º Is Defective Material Identified and Segregated? How?
º Is A Defective Material ‘HOLD’ Area Identified?
Work Areas
º Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
º Is Each Properly Labeled (Identified)?
º Are They Where They Are Supposed To Be?
Employee Training
º Do You Know the Training Requirements Of Your Job Position?
º Is Each Employee Trained? How do we know?
º Where Are Training Records Kept?
º Are Training Records Up To Date?
Organization and Friendliness
•
Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
Is there anything like glue or ink which has an expiration date?
•
Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?
Discovery Phase (Sweeps) Check List
Discovery Phase Check List
Documentation - The Details
Why the Stress on Documentation?
•
The majority of failures in both QS and ISO 9000 registration efforts has been,
and continues to be, 4.2 Documentation Requirements (QS element 4.5).
•
This issue is almost always evident from my first visit and I believe we all
know this is typically a deep problem.
•
Discontinuity is often discovered in the documentation. Even Quality Manuals
are shown to have invalid links.
•
Auditors will focus on the continuity and flow of documentation. Inconsistencies
can keep the facility from passing the registration audit.
What is Documentation?
•
Documentation is much talked about. There are different types. At Motorola, for
example, there are corporate 12M’s. Sectors each have SOPs and maintains
a Quality Systems Manual. Each facility has their own specific documentation
(which must correlate with Sector and corporate documentation. There is also
process documentation in the manufacturing areas.
•
Everyone uses documentation outside of work. If you buy something (like a clock),
there are instructions in the box. That is documentation.
•
Think of documentation as instructions. Documentation explains how to do things.
•
The auditor’s job is to make sure everyone is ‘Following Instructions’.
An Everyday Work Instruction
This is the ‘Work Instruction’ which comes with an aquarium heater.
It gives the user some basic information. Note that there are graphics (several
in multiple languages) in addition to the basic text. There is also a ‘selection’ guide
for the purchaser.
What is Controlled Documentation?
•
A controlled document is typically one that is Revision sensitive - BUT - Not
always!!
•
If a controlled document is changed, a record of the change has to be made. This
means we must have a History of All Changes.
•
If a document is changed, people who use it must know about the change. This
means there has to be a distribution list or other effective way to let everyone
who uses it know the document has changed.
•
Every employee must know how to check to see if documentation they are using
is the most current version.
‘
Standard’ Documentation Pyramid
Documentation
•
Organization Charts
•
Procedures
•
Forms
•
Tags
•
Prints
•
Specifications
•
Statistical Data
•
Inspection & Test Results
Myths vs. Truths
•
Documentation Is Meant To Be Easily Changed
•
The Less Documentation, The Better
Basic Rules
•
Your Job & Documentation
SAY What You Do
Documentation
DO What You Say You Do
Actions
•
If It’s Not WRITTEN Down, It DIDN’T Happen
Quality Records
What Are Quality Records?
•
Any record where data is taken where the data is a result of inspection and/or
test
•
Any record which provides for traceability
•
Nonconformance related documents
The bottom line here is we have to review our documents in a general sense and
identify those which relate to quality issues
Typical Types of Records
•
Management Review Records
•
Contract Review Records
•
Purchasing (Purchase Orders)
•
Identification and Traceability
•
Process Control
•
Inspection and Test Reports and Records
°
Qualification Reports
°
Validation Reports
°
Material Review Reports
•
Control of Measurement and Test Equipment
°
Calibration Reports/Data
•
Non-conforming Product
°
Disposition Records
•
Corrective and Preventive Action
•
Internal Quality Audits
•
Training Records
Records Management Activities
•
Management of Active records
•
Records creation (forms)
•
Design of records system
°
Retention schedule
°
Vital records protection
•
Development of records procedures
°
Indexing
°
Filing
°
Access
°
Disposition
Records Required By ISO 9001
5.6.1 Management review minutes / etc.
6.2.2 (e) Education, training, skills and experience.
7.1 (d) Evidence that the realization processes and resulting product fulfill
requirements.
7.2.2 Results of the review of requirements relating to the product and actions
arising from the review.
7.3.2 Design and development inputs.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.3.7 Results of the review of design and development changes and any necessary
actions.
7.4.1 Results of supplier evaluations and actions arising from the evaluations.
7.5.2 (d) As required by the company to demonstrate the validation of processes
where the resulting output cannot be verified by subsequent monitoring or measurement.
7.5.3 The unique identification of the product, where traceability is a requirement.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable
for use.
7.6 (a) Standards used for calibration or verification of measuring equipment
where no international or national measurement standards exist.
7.6 Validity of previous results when measuring equipment is found not to conform
with its requirements.
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results.
8.2.4 Evidence of product conformity with the acceptance criteria and indication
of the authority responsible for the release of the product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including
concessions obtained.
8.5.2 Results of corrective actions.
8.5.3 Results of preventive actions.
Document Mapping
Document Mapping
•
In a structured system, there are ‘levels’ of documentation. In general
terms we have the description of documentation in levels or tiers. As we learned
earlier there are typically 4 tiers of documentation in an organization (excluding
Ad Hoc documents).
•
The top tiers normally guide the content and focus of the bottom tiers. In short,
each successive lower tier is DEPENDENT upon the upper tier which defines it.
This is said to be a ‘Flow Down’ of requirements.
•
Higher level documents normally cite lower level documents. These citations are
important as they form a ‘trail’ which can be followed. The top level
documents tend to be general and to some extent vague while the lower level documents
provide increasing detail.
•
Sometimes the reverse also happens - lower level documents cite higher level
documents internally. There is controversy as to whether this is ‘good’ practice.
In my opinion, requirements should Never flow up.
•
Document mapping is more important now than ever as mature companies shift towards
interdisciplinary (cross-functional) communication and operation. The old way
was for departments to ‘pass off’ to another department. The new
way causes everyone to be involved. In short, the rise of the importance of Teams
requires documentation to be more integrated and consistent - and thus the need
for control is greater. This is also the reason for the ‘review’ requirement.
Mapping Aspects
•
Mapping starts at the top with the QA Systems Manual. This may be a sector manual
or it may be a local manual.
•
Validation - When you map documents, you ‘verify’ links between documents
(where one document cites another within it). The first thing to verify is that
the cited document exists.
•
A second aspect of mapping is to verify that the content of the citation is relative.
This is to say that the links should ‘make sense’. If a citation
in one document says something like “The audit will be performed in accordance
with procedure ABC-1234” and procedure ABC-1234 is titled ‘Calibration
of Pressure Gages’, it is evident that the link is NOT Valid! It does not
make sense!
•
After verifying that the linked document both exists and that the links are ‘relative’ and
make sense, the document is mapped to the matrix relative to the mapping project.
In our case the matrix is QS 9000 line items against the document ‘class’.
Document Tiers & Classes
•
It is uncommon to find ‘Pure’ documents. That is to say, it is not
very often you find a document which one can clearly define as ‘only’ Tier
I or Tier II or Tier III. In almost all cases there is some cross over. A good
example is a Tier III document which becomes a Tier IV document. In this case
we have a document which is a Tier III Procedure with some places which which
will eventually be filled with data - which will then make it a Record (Tier
IV).
•
The idea of a defined border and thus a pure document is fine, but is seldom
actually seen. Normally the closest you will come is with the Quality Systems
Manual. A QSM will normally be the ‘purest’ document you will find
within any given system.
•
Purity is to some degree a function of company size. A company with only 20 to
50 employees with simple processes will generally have little need for ‘pure’ structure.
The necessity of structure in very large companies necessitates a more defined
documentation structure in large part due to necessary overall complexity.
•
Also consider the idea of document classes. Classes may include production documents,
engineering documents, Human Resources documents, maintenance documents, etc.
From this we should understand there are usually several classes of documents
in any given tier.
•
Document classes are related to document tiers. In most companies there are multiple
document ‘classes’. These classes are always Tier II or lower.
High Level Documentation Structure
Local Documentation Tiers
Typical Documentation Tiers
Flow Up vs Flow Down
•
Not all documents have flow down requirements.
•
Flow downs are normal.
•
Flow downs generally reference lower level documents, but references are not
mandatory.
•
Flow Ups MUST *NEVER* be found.
Documentation Compliance Considerations
Mapping - Two Aspects
Line Item Matrix Mapping
Determination of Required Documents
•
Once you have completed mapping your documents, you want to revisit your requirements
matrix. You have gone through an initial Gap Analysis where a determination was
made as to what systems exist and which ones do not. Typically the Gap Analysis
gives you an idea of what Level II documents and systems are required. At this
point we want to look at what Level IIIs and Level IVs exist.
Summary
Mapping internal documents is:
•
Verify internal reference documents exist and that the names and numbers ‘make
sense’
•
Verify that the link subject matter makes sense and that requirements flow down
•
Find where the document fits in the ISO 9001 line item matrix
•
Examine matrix for redundancy
Process Mapping
Why Process Maps?
Typical Top Level Operations Flowchart
Business As A System (Process)
Use a Process Flow Chart!
Because:
•
You want to understand your current process
•
You are looking for opportunities to improve
•
You want to illustrate a potential solution
•
You have improved a process and want to document the new process
Creating a Process Flow Chart
1. Identify the process or task you want to analyze. Defining the scope of the
process is important because it will keep the improvement effort from becoming
unmanageable.
2. Ask the people most familiar with the process to help construct the chart.
3. Agree on the starting point and ending point. Defining the scope of the process
to be charted is very important, otherwise the task can become unwieldy.
4. Agree on the level of detail you will use. It’s better to start out
with less detail, increasing the detail only as needed to accomplish your purpose.
Creating a Process Flow Chart
5. Look for areas for improvement
•
Is the process standardized, or are the people doing the work in different ways?
•
Are steps repeated or out of sequence?
•
Are there steps that do not ad value to the output?
•
Are there steps where errors occur frequently?
•
Are there rework loops?
6. Identify the sequence and the steps taken to carry out the process.
7. Construct the process flow chart either from left to right or from top to
bottom, using the standard symbols and connecting the steps with arrows.
8. Analyze the results.
•
Where are the rework loops?
•
Are there process steps that don’t add value to the output?
•
Where are the differences between the current and the desired situation?
Early Process Flow Diagram
Flowchart
Benefits of Using Flowcharts
•
Promotes understanding of a process
•
Identifies problem areas and opportunities for process improvement
•
Provides a way of training employees
•
Depicts customer-supplier relationships
Symbols Used In Flowcharts
Basic Flow Chart Example - High Level
Basic Flow Chart Example - High Level
Flow Chart Example - Low Level
Process Map Elements
Process Map Elements
Process Map Elements
7 Steps to Process Mapping
Process Mapping Worksheets
Process Mapping Steps 1 and 2
Process Mapping Step 3
Process Mapping Step 4
Process Mapping Step 4
Job Descriptions
•
At this time you should be looking at what job descriptions you have and determining
what job descriptions you need.
•
Please don’t forget job descriptions!
Process Mapping Step 4
Process Mapping Step 5
Process Mapping Step 6
Internal Audits
Internal Audits
•
You must complete at least 1 full round of internal audits prior to your registration.
In addition, you have to show at least one example of where a nonconformance
was identified and corrected. You must also show where you verified the effectiveness
of the corrective action.
•
Drive your implementation through Internal Audits.
•
You can use internal audits as a method of training departmental managers and
others. As you go through the audit, you explain the basics of that person’s
responsibilities with respect to ISO 9001. You can also explain the basics of
ISO 9001, go over the Quality Policy, etc.
•
These internal audits may prove to be long and problematic. This should be expected
because employees are all learning about ISO 9001 and the requirements. Sometimes
they’re learning new systems and such as well.
•
You may want to take a read through https://elsmar.com/Audit/
The Internal Audit
The Systematic Investigation
of the Intent, Implementation, and Effectiveness
of Selected Aspects of the Systems
of an Organization
or One or More of It’s Departments
A Typical Audit Process
Internal Audit Goal
To Collect
Objective Evidence
To Permit An
Informed Judgment
About The
Status and Effectiveness
Of The Systems Audited
Objective Evidence
•
It exists
•
Not influenced by emotion or prejudice
•
Based on observation
•
Verbal or documented
•
Verifiable
•
May be quantitative
•
Within the systems being audited
Many Requirements
QS/ISO 9001
Contract Requirements
Company System Requirements
(Policy, Procedures, Instructions)
OSHA
EPA
Federal and State Regulatory
Internal Audits
Schedule Example
Outsourcing Internal Audits
•
Many smaller companies outsource internal audits.
•
Many large companies have a distinct department which carries out internal audits
at facilities world-wide.
•
There are a number of possible failure modes in internal auditing. You will have
to make your own decision. My opinion is to outsource internal audits.
•
Details are discussed in two threads:
°
https://elsmar.com/ubb/Forum13/HTML/000041.html
°
https://elsmar.com/ubb/Forum2/HTML/000123.html
Project Fulfillment
Enter The Registrar
The Registrar’s Document Review
•
Prior to a pre-assessment, your registrar will want to review your documentation.
Typically, they want your Systems Manual (Quality Manual) and a copy of your
level II documents. However, some registrars only require your quality manual.
ASK them specifically what they want submitted for review.
•
You should not let the registrar wait to ‘the last minute’ do a document
review. I often see this done. The client gets the review back at or just prior
to the pre-assessment. Folks, this does not allow you any time to deal with any
problems if any are encountered during the review. Try to get your review done
6 weeks or more prior to pre-assessment.
Pre-Assessment Audit
•
Some registrars require a pre-assessment. Some do not.
•
A pre-assessment is a valuable tool. Your relationship with your registrar is
going to be an intimate one. Interpretation of the requirements with respect
to your company and ‘the intent’ is a big factor in a registration.
During this visit you will ‘get to know’ your registrar.
•
The man-days for the pre-assessment are typically about 1/3 or less than for
the registration audit.
•
The pre-assessment is, like the registration audit, a sample. Everything will
not be looked at.
Assessment Audit
•
This is the fun audit! This is where everyone is fair game. Not much else I can
say.
•
This is, like all audits, a sample. But it is a big sample. They look at a representative
sample of each system.
•
The following slides tell you what to expect.
Reasons For Third Party Audits
•
Everyone is familiar with the idea of audits. One place we are all aware of audits
is in the banking industry. For years, the government has required banks to submit
to periodic audits by government agencies and/or external companies who specialize
in auditing. Few people want to put their money in a bank where there are no
controls such as periodic audits. If there are no audits, you have no way of
knowing if your bank is using your money well. If the bank is not ‘using
your money well’ the bank could easily fail - then you could lose all of
your money.
•
Audits in other service industries and in manufacturing industries are not new.
Customer audits have been going on for years. But only recently has the idea
of third party audits become reality. This is in large part due to the adoption
in Europe of ISO 9001 and other international standards.
Reasons For Third Party Audits 2
•
The intent of third party audits is to provide assurance that a company complies
with a standard or specification.
•
Many people say that third party audits will eliminate customer audits. This
has not been the case up to now in part because customers still see the need
to ensure compliance to their specific requirements. Even QS-9000 (now IATF 16949) , specific to
Ford, GM and Chrysler suppliers, does not eliminate customer audits.
What is an Auditor?
•
An auditor is a person. Their job is to validate documentation. This means they
look at documentation (instructions) and make sure people are following the documentation.• Auditors
go from company to company validating documentation.
•
Auditors are just people who ask questions about how you do your job.
Auditors Are Not!!!
•
Inquisitors
•
Fault Finders
•
Rock Throwers
•
Avenging Angels (Biased For or Against)
•
Dishonest
•
Overactive
What Will The Auditors Do?
•
The auditors will look at written procedures and policies (verification).
•
The auditors will then look at and ask how people in the company do things. They
will look to make sure each person is following written procedures and policies
(systems / process validation).
•
They will look at records to ensure everyone is properly completing paperwork
(examples would be process related documentation and SPC charts).
•
They will look to make sure everyone is properly trained to do their job.
Who Will Be Audited?
•
Absolutely Everyone whose job affects quality (almost everyone’s job does
in some way) is subject to the audit.
•
And the farther up the corporate tree you go, the more difficult the audit is.
This is because as you go up the tree (eventually to the CEO), job duties and
responsibilities increase.
°
Corporate Personnel
°
Plant Manager
°
Departmental managers
°
Supervisors
°
Engineers
°
Technical personnel
°
Associates
The Audit Team
•
When you are visited by an auditor, he/she will NOT be alone. At the very minimum,
there will be:
°
The Auditor
°
A Company Escort - This will be someone from within the company who knows the
area and the specification well. The escort will try to provide structure to
the audit and will try to help out when he/she can. Often this will be the management
representative.
°
The Area Supervisor and/or Manager - The area supervisor or other person directly
responsible for the area will be present.
•
Remember - YOU ARE NOT ALONE!
Types of Audits
Internal Audit
An audit of internal systems and/or procedures. An internal audit is most often
performed by people how directly work for the company. Many companies hire outside
firms (see third party below) to perform the audits.
External Audit
Second Party - Customer Audits
•
Customer audits are those where a customer (or a customer representative) performs
the audit. A customer audit is not ‘objective’ because the customer
is intimately involved with your company (the supplier to the customer). This
involvement can BIAS the audit.
‘
Third Party’ Audits
•
Third party audits are like those you think of when you think of bank audits.
Banks (and other financial institutions) must hire a company or person to audit
their books and procedures. The company or person hired to do the audit cannot
have an ‘interest’ in the business it is auditing. This is known
as an ‘Independent Audit’. Your registrar audit is a third party
audit.
What Will Happen If...
•
If an auditor finds a problem, s/he will let the person being audited know immediately
that a possible problem may exist. In NO case will the auditor ‘find a
problem’ and not discuss it with the auditee ‘on the spot’.
They always tell the auditee the suspected problem. Many registrars (registrars
do *NOT ALWAYS* require this) will ask the auditee (or other company official
present) to sign a statement of fact of what was found (statement of objective
evidence). The auditee should know that signing the statement is NOT an admission
of a problem. It is an agreement of facts found. Whether or not it is a problem
is discussed during end-of-day and final review meetings.
•
If an auditor leaves your area and says nothing about a possible problem, you
can be sure no problem(s) were found. Auditors do NOT report findings to management
without discussing it with the personnel involved FIRST. There are no tricks.
Nothing is ‘hidden’ until later.
Things to Know
•
Know what documentation affects YOU!
°
You must know what documentation applies to your job. This should have been told
to you when you were trained to do the job. If you are not sure what documentation
applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
•
You must follow all documentation that applies to you. If it says you do something
a certain way, you must do it that way.
•
You must complete all forms. If you are supposed to initial and date when you
do something, the auditors will check to ensure you complete the form the way
you are supposed to.
•
Know what training you have had. If you do not know, ASK YOUR MANAGER NOW! Don’t
wait until the audit!
Things to Do
•
Listen closely before answering any question(s). If you are not sure you understand
the question, ask the auditor to repeat it. If you still do not understand the
question, tell the auditor you do not understand it. The auditor will try to
better explain him/herself. Never answer a question you do not understand!
•
Never say “Sometimes I....”. When you do something differently because
of different circumstances, explain that “When ------ happens, I...., and
when +++++ happens, I ....”. Be specific.
•
Always tell the Truth. Don’t ever try to hide something. You may think
you are helping someone - you are not. One lie can destroy confidence. Just like
in a marriage, if one spouse lies to the other and the other finds out, the relationship
may be in real danger. One lie could ruin the entire audit.
•
Be patient. Wait for the auditor to ask a question.
Things NOT to Do
•
If you do not know the answer to a question, tell the auditor that you do not
know the answer. Don’t attempt to ‘fake it’. If the auditor
tries to explain again and you still do not understand the question, tell him/her
again that you do not understand the question. The Escort will attempt to help
if this happens.
•
Do NOT try to answer a question for another person. (often registrars will *test*
people for this) If the question is not about the job you are doing and you know
who does that job, tell the auditor who they should ask if you know.
•
Do NOT try to answer a question about another job. The only question an auditor
is supposed to ask is about YOUR job. If the auditor asks you a question about
someone else’s job, you should answer “That is not my job.” The
escort or the other company person with the auditor must take the lead from this
point.
•
Do NOT try to hide from the auditor. All the auditor wants is to ask you about
your job and how to do it. You know your job. You can tell the auditor about
as easily as you can tell anyone else.
General Things To Know and Do
•
Auditors are NOT trying to test your memory. If you have to look something up
in your documentation, tell the auditor. The auditor will then tell you whether
to look up the information or not.
•
Only answer the auditor’s question. Do NOT volunteer information. Do NOT
try to ‘help’ the auditor with additional information.
•
Answer with the shortest, simplest answer you can think of. If you can answer
with a Yes or No, that’s all you should do.
•
Don’t try to explain things beyond the question asked. The auditor will
ask questions to help him/her understand. Your job is to only answer questions
asked.
•
Do not tell stories or speculate what ‘may’ happen.
•
Right NOW!!! If there is any documentation which you are using that you think
or know is not correct, contact your supervisor immediately!
Typical Audit Questions to Expect
•
What is QS-9000 (now IATF 16949) / ISO 9001?
•
What is the quality policy?
•
What does the quality policy mean to you?
•
What documentation do you follow? Where is it?
•
How do you know you are using the most recent documentation?
•
Who is the Management Representative?
•
How do you know what to do? Tell me about your job and your duties.
•
Do you ever have problems come up? How do you handle them?
•
When you find nonconforming product, what do you do?
•
What are your quality responsibilities?
•
What are controlled documents?
•
If your documentation says you should do something a specific way and someone
else tells you to do it differently, what do you do?
•
What do you do if your machine jams?
If you do not know the answer to any of these questions, talk to your supervisor
SOON! DO NOT WAIT!
Supervisors Should Think About...
Work Instructions
Does Every Job Have Relevant Work Instructions?
Are Work Instructions Controlled?
Is Each Signed & Dated?
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been
Updated By Hand?
If So, Are They Signed and Dated?
Equipment PMs
Are All Equipment PMs Up To Date and to a Schedule?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Is DMR Material Dispositioned in a Timely Manner?
Last Things to Think About
•
Employee Training
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
•
SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
•
Work Areas
Are Work Areas Clean and Orderly?
•
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
QS-9000 (now IATF 16949) / ISO 9001 Reminders
•
Does NOT define quality
•
Is NOT a one-time process
•
Is NOT easy
•
Requires commitment
•
Requires resources
Real Life
What QS-9000 (now IATF 16949) / ISO 9001 Means To You!
You MUST:
Know Your Job Duties
Know What Training Your Job Requires
Be Able To Tell About How You Were Trained
Know What Documentation Involves YOU!
Know How To Find Out What The ‘Latest’ Version’ Is
Know What The Documentation Says
Know How The Documentation Applies To YOU!
Know What The INTENT of the Documentation
Good Luck!
ADVERTISEMENT
View the Elsmar Cove Privacy Policy and Terms and Conditions