Understanding and Implementing

An ISO 9001:2000 or Related

QMS
(Quality Management System)
Implementing An ISO 9001:2000 Quality Management System
An Open Source Document
This document is an Open Source document!
Huh?
This means it is the result of the input of may people and resources.
This means YOU can and may participate. If you want something included or have a suggestion, please let me know. You can send some slides in e-mail. Or write me and tell me about what has not been addressed but that you believe should be addressed. If your suggestion is incorporated into the document you will be given credit in the document. You will get updates for free as long as the file is undergoing updates (rumour is I may die someday or decide to do something else with my life so I can’t really use the word forever).
I will accept and incorporate good ‘patches’ and constructive criticism.
Telling me of spelling errors doesn’t count, but will be very much appreciated.
This is how we do things in hackerland; it's a combination of individual visions and collaborative synergy that makes things work. Just as it is in the Cove forums.

Files Included in this Package
About This Document - Contents
This document is a ‘digest’ from many implementations I have been involved in, information from news group snippets and forums discussions. I have tried to make it as comprehensive as possible given the extreme range of types and sizes of companies and their scopes of implementation. I have also tried to address both simple and complex issues to address the needs of the novice as well as those whose occupation is in the quality field.
If you are the owner or manager of a small company, you may have heard about ISO 9000. Maybe not. Either way, if you have 10 people or less you probably don’t have anyone with a quality assurance background. On the other hand, if there are 20,000 employees in your company you probably have a quality background which is why you’re here.
For small companies where there is no one with a quality background implementation can appear to be overwhelming. It’s not that ISO is so difficult. It’s that if you don’t have a good understanding of some of the quality related concepts, such as nonconformance and corrective action systems, it becomes much like taking up a new occupation (after how many years?) or learning a new language.

Sample Flow Charts
There are several resources included.
These are each different sets of flow charts.
One is a directory of gifs which you can open with your picture editor. Sample_Flow_Charts-jpg_Format is the directory name.
Map_Examples is a directory with some linked flow charts. Open the file index.html with your browser.
The file Flow_Charts.ppt has a number of more current flow charts examples (ideas!).
The file Flowcharting.pdf contains some help on how to make a flow chart.
Major flow charts have details on system requirements.

Introduction
The Purpose of this Presentation is to Provide an Overview of ISO 9000 and to discuss Implementation Methodologies

Implementation Considerations
You are not the first. Over 345,000 organizations have registered to ISO 9000 by early 2001.
A main point to remember as you traverse this tome is that each company is different. There is no way I can address every possible type and size of company. The contents represent the basis of a methodology I have used over the last 8 years in implementing ISO 9001 and QS-9000 in facilities as large as 10,000 souls, as small as 8 persons, in companies as large and complex as Motorola, as  ‘unusual’ as Harley-Davidson, and as unique as an insurance company. The methodology is structured. Very structured. How closely you follow the path will depend upon your specific circumstances and needs as well as your own beliefs. Some companies go slowly. Some companies do not want a complex project plan. Some companies insist on a complex project plan. But, more on this later.
As much as anything else, you will have to assess my recommendations with consideration to your circumstances.

Quality Systems
ISO 9000 Family of Documents
ISO9001:2000 DIS Structure
ISO 9001:2000 Vs Baldrige
Malcolm Baldrige National Quality Award Criteria Circa 4/2001
1. Leadership
Organizational Leadership
Public Responsibility and Citizenship
2. Strategic Planning
Strategy Development
Strategy Deployment
3. Customer and Market Focus
Customer and Market Knowledge
Customer Relationships and Satisfaction
4. Information and Analysis
Measurement and Analysis of Organizational Performance
Information Management

ISO 9000
The Ultimate Goals of ISO 9001 are:
1. To Provide Consistent Processes
(Documented Systems Provide For Consistency)
With Defined RESPONSIBILITIES
2. Customer Satisfaction
3. Continuous Improvement
Periodic Audits Ensure Systems Are Working

Where Did It Come From?
Liability
By defining practices, Liability is addressed. In fact, the whole ISO 900X series is the reaction to a need to assign
Responsibility
For international trade issues involved in bringing the continent together into the ‘European Union’. The foundation drifted to be a ‘quality standard’.

Liability
The ISO 9000 series is a vehicle to address liability issues
Driver was the European Common Market
Is relevant locally and world wide

Origins
ISO 9001 and Quality
ISO 9001 Has Nothing To Do With the Quality of a Product or Service
Cement Life Preserver
The Classic Example
The year 2000 version of ISO 9001 carries a revised title, which no longer includes the term Quality Assurance. This reflects the fact that the quality management system requirements specified in this edition of ISO 9001 address quality assurance of product as well as customer satisfaction.
See http://16949.com/ubb/Forum5/HTML/000063.html
Conformance to Specifications
Consistency of Processes

The Main ISO 900x Documents
ISO 9000
NEW: Quality Management Systems - Fundamentals and Vocabulary
OLD:  Replaces the old ISO 8402:1994
ISO 9001
NEW:  Quality Management Systems - Requirements
OLD:   Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing
ISO 9004
NEW: Quality Management Systems - Guidelines for Performance Improvement
OLD:  Quality Management and Quality System Elements - Guidelines

The Stated Intent of ISO 9001
0 INTRODUCTION
0.1 General
This International Standard specifies requirements for a quality management system that can be used by an organization to address customer satisfaction, by meeting customer and applicable regulatory requirements. It can also be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer and regulatory requirements.
The adoption of a quality management system needs to be a strategic decision of the organization. The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the purpose of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.
It is emphasized that the quality management system requirements specified in this International Standard are complementary to technical requirements for products.

Differences In Sectors
1.2 Permissible exclusions
The organization may only exclude quality management system requirements that neither affect the organization's ability, nor absolve it from its responsibility, to provide product that meets customer and applicable regulatory requirements. These exclusions are limited to those requirements within clause 7 (see also 5.5.5), and may be due to the following:
(a) the nature of the organization's product;
(b) customer requirements;
(c) applicable regulatory requirements.
Where permissible exclusions are exceeded, conformity to this International Standard should not be claimed. This includes situations where the fulfillment of regulatory requirements permits exclusions that exceed those allowed by this International Standard.

Service As A Product
3.1 - product - result of a process
NOTE 1: There are four agreed generic product categories:
- hardware,
- software,
- services,
- processed materials.
Most products are combinations of some of the four generic product categories. Whether the combined product is then called hardware, processed material, software or service depends on the dominant element.

Why Do It?
I’ll bet either a customer requirement or your sales / marketing folks dreamed this up for you to do, right? Almost all implementations are the result of one or the other. I have never had a client which simply decided to do it because they  felt doing so would be beneficial to the company. This is not to say improvement is not an issue. It almost always very much is. But that has never been the spark that initiated the process.
Many of you know I’m not a proponent of registration per se. For some companies it is a good thing. They lack the internal discipline necessary to ensure people are doing what they are supposed to be doing.
I am a gung ho proponent of the implementation process. In the very least, it necessitates a serious housekeeping effort. The process typically opens everyone’s eyes to what they are doing and why. Often I refer to the early stages of implementation as the Discovery Phase. I cannot tell you how many times I have heard “I didn’t know we were doing that!” Sometimes it’s scary thinking how far in the dark some people are in so far as knowing and understanding what they’re supposed to be doing goes. Which is pretty far. I have never seen an implementation which did not benefit the company in some way.

Why Do It?
Process Improvements
Theoretically, as you implement the system, you have the opportunity to improve your processes. You will outline the current process, add the requirements of the standard and then optimize the process with input from the process users.
Increased Quality Awareness
Theoretically, as the system is implemented, quality awareness will increase because all staff must be trained on ISO 9000, staff must be trained on processes as they are implemented and staff will have "ownership" of processes they are involved in developing and improving.

Project Duration
How long will it take?
An implementation project will typically take about 6 to 9 months, but will range from 3 to 20 months.
Factors that will affect the timeline include:
Size and complexity of the organization.
Existing systems
How much existing documentation is available which can be used.
Amount of resources available for the project
ISO expertise available.

Simple Schedule
Typical Costs
Payback
Companies minimize deficiencies in supply and support of products and services.
Companies identify problem areas and address them quicker.
Companies identify customer needs more accurately.
Companies become more consistent in their product and services.

Who’s Doing It & General Issues
The ISO organization publishes a yearly assessment of the ISO 9001 distribution.
ISO9K-8thCycleSurvey.pdf (through December 1998)
ISO9K-9thCycleSurvey.pdf (through December 1999)
The Magical Demystifying Tour of ISO 9000 and ISO 14000
http://www.iso.ch/9000e/magical.htm

A Quality Management System?
System vs. Process
System
Pronunciation sI stEm
Definition A group of related things or parts that function together as a whole.
Example The school system in our city.
Process
Pronunciation pra sehs
Definition A systematic sequence of actions used to produce something or achieve an end.
Example An assembly-line process.

What is a System?
Collection of interacting parts functioning as a whole.
Collection of subsystems that support the larger system.
Collection of processes oriented toward a common goal.
The organization as a system.

Trade Relationships
The Organization as a System, Subsystems, and Processes
Systems and Subsystems
Organization As An Extended System
Organization As An Extended System
Extending Outside the Organization
An Extended System
Measures In The Extended System
Quality Through Process Improvement
What is a Process?
A series of operations or steps that results in a product or service.
A set of causes and conditions that work together to transform inputs into an output.

Examples of Processes
Significant and Critical Processes
Significant Processes
Are processes by which the mission-essential work of the organization is accomplished.
Contribute directly to meeting the needs and requirements of customers.
Can be traced from output (to external customer) back to input (to the organization).
Critical Processes
A stage within a significant process.
One that is deemed as most important for control and improvement.

Special Characteristics
With Regard to QS-9000
The AIAG defines a Special Product Characteristic as a product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product. Ford Motor Company divides Special Characteristics into two categories: Critical Characteristics and Significant Characteristics
Critical Characteristics are defined by Ford as product or process requirements that affect compliance with government regulation or safe product function, and which require special actions or controls. In a design FMEA, they are considered Potential Critical Characteristics. A Potential Critical Characteristic exists for any Severity rating greater than or equal to 9. In the process FMEA, they are referred to as Actual Critical Characteristics. Any characteristic with a Severity of 9 or 10 which requires a special control to ensure detection is a Critical Characteristic. Examples of product or process requirements that could be Critical Characteristics include dimensions, specifications, tests, assembly sequences, tooling, joints, torques, welds, attachments, and component usages. Special actions or controls necessary to meet these requirements may involve manufacturing, assembly, a supplier, shipping, monitoring, or inspection.

Characteristics I
CHARACTERISTIC:  A distinguishing feature, dimension or property of a process or its output (product) on which variable or attribute data can be collected.  (P39 APQP)
CHARACTERISTIC, CRITICAL, CHRYSLER DEFINITION:  Characteristics applicable to a component, material, assembly, or vehicle assembly operation which are designated by Chrysler Corporation Engineering as being critical to part function and having particular quality, reliability and/or durability significance.  These include characteristics identified by the shield, pentagon, and diamond.  (49 PPAP)
CHARACTERISTIC, CRITICAL (INVERTED DELTA), FORD DEFINITION:  Those product requirements (dimensions, performance tests) or process parameters that can affect compliance with government regulations or safe vehicle/product function, and which require specific supplier, assembly, shipping, or monitoring and included on Control Plans. (P49 PPAP)
CHARACTERISTIC, CRITICAL, GM DEFINITION:  See Key Product Characteristic.  (P49 PPAP)
CHARACTERISTIC, KEY CONTROL (KCCs):  Those process parameters for which variation must be controlled around a target value to ensure that a significant characteristic is maintained at its target value.  KCCs require ongoing monitoring per an approved Control Plan and should be considered as candidates for process improvement.  (P49 PPAP)
CHARACTERISTIC, KEY PRODUCT (KPC):  Those product features that affect subsequent operations, product function, or customer satisfaction.  KPCs are established by the customer engineer, quality representative, and supplier personnel from a review of the Design and Process FMEA’s and must be included in the Control Plan.  Any KPCs included in customer-released engineering requirements are provided as a starting point and do not affect the supplier’s responsibility to review all aspects of the design, manufacturing process, and customer application and to determine additional KPCs.  (P49 PPAP)

Characteristics II
CHARACTERISTIC, PROCESS:  Core team identified process variables (input variables) that have a cause and effect relationship with the identified Product Characteristic(s) which can only be measured at the time of occurrence.  (6.3 #20 APQP)
CHARACTERISTIC, PRODUCT:  Features or properties of a part, component or assembly that are described on drawings or other primary engineering information.  (6.3 #19 APQP)
CHARACTERISTIC, PRODUCT, CRITICAL (D), CHRYSLER DEFINITION:  A defect which is critical to part function and having particular quality, reliability, and durability significance.  (QS-9000)
CHARACTERISTIC, PRODUCT, MAJOR, CHRYSLER DEFINITION:  A defect not critical to function, but which could materially reduce the expected performance of a product, unfavorably affect customer satisfaction, or reduce production efficiency.  (QS-9000)
CHARACTERISTIC, PRODUCT, MINOR, CHRYSLER DEFINITION:  A defect, not classified as critical or major, which reflects a deterioration from established standards.  (QS-9000)
CHARACTERISTIC, PRODUCT, SAFETY/EMISSION/NOISE (S), CHRYSLER DEFINITION:  A defect which will affect compliance with Chrysler Corporation and Government Vehicle Safety/Emission/Noise requirements.  (QS-9000)
CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION “Shield <S>:  Specifications of a component, material, assembly or vehicle assembly operation which require special manufacturing control to assure compliance with Chrysler Corporation and government vehicle safety requirements.  (QS-9000)

Characteristics III
CHARACTERISTIC, SAFETY, CHRYSLER DEFINITION:  Specifications which require special manufacturing control to assure compliance with Chrysler or government vehicle safety requirements.  (P50 PPAP)
CHARACTERISTIC, SIGNIFICANT, CHRYSLER DEFINITION:  Special characteristics selected by the supplier through knowledge of the product and process.  (QS-9000)
CHARACTERISTIC, SPECIAL:  Product and process characteristics designated by the customer, including governmental regulatory and safety, and/or selected by the supplier through knowledge of the product and process.  (P104 APQP)
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>:  Specifications of a component, material, assembly or vehicle assembly operation which are designated by Chrysler as being critical to function and having particular quality, reliability and durability significance.  (QS-9000)
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Diamond” <D>:  Specific critical characteristics that are process driven (controlled) and therefore require SPC to measure process stability, capability, and control for the life of the part.  (Appendix C QS-9000) & (Appendix C APQP)
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Pentagon” <P>:  Limited to highlighting Critical characteristics on (Production) part drawings, tools and fixture, and tooling aid procedures where ongoing process control is not automatically mandated.  (Appendix C QS-9000) & (Appendix C APQP)
CHARACTERISTIC, SPECIAL, CHRYSLER DEFINITION “Shield” <S>:  Engineering designated specifications or product requirements applicable to component material, assembly operation(s) which require special manufacturing control to assure compliance with governmental vehicle safety, emissions, noise, or theft prevention requirements.  (Appendix C QS-9000) & (Appendix C APQP)

Characteristics IV
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Critical Characteristic” <Inverted Delta>:  Those product requirements (Dimensions, Specifications, Tests) or process parameters which can affect compliance with government regulations or safe Vehicle/Product Function and which require specific producer, assembly, shipping or monitoring actions and inclusion on the Control Plan.  (Appendix C QS-9000) & (Appendix C APQP)
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant Characteristic - SC” <None>:  Those product, process, and test requirements that are important to customer satisfaction and for which quality planning actions shall be included in the Control Plan.  (Appendix C QS-9000)
CHARACTERISTIC, SPECIAL, FORD DEFINITION “Significant/Characteristic - S/C” <None>:  Characteristics that are important to the customer and that must be included on the Control Plan.  (Appendix C APQP)
CHARACTERISTIC, SPECIAL, GM DEFINITION “Fit/Function” <F/F>:  Product characteristic for which reasonably anticipated variation is likely to significantly affect customer satisfaction with a product (other than S/C) such as its fits, function, mounting or appearance, or the ability to process or build the product.  (Appendix C QS-9000) & (Appendix C APQP)
CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S/C>:  Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as:  flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . .  (Appendix C QS-9000)
CHARACTERISTIC, SPECIAL, GM DEFINITION “Safety/Compliance” <S>:  Product characteristic for which reasonably anticipated variation could significantly affect customer the product’s safety or its compliance with government regulations (such as:  flammability, occupant protection, steering control, braking, etc. . .), emissions, noise, radio frequency interference, etc. . .  (Appendix C APQP)

Characteristics V
CHARACTERISTIC, SPECIAL, GM DEFINITION “Standard” <None>:  Product characteristic for which reasonably anticipated variation is unlikely to significantly affect a product’s safety, compliance with governmental regulations, fit/function.  (Appendix C QS-9000) & (Appendix C APQP)
CHARACTERISTIC, SPECIAL, PROCESS (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT):  A process characteristic for which variation must be controlled to some target value to ensure that variation in a special product characteristic is maintained to its target value during manufacturing and assembly.  (P57 FMEA)
CHARACTERISTIC, SPECIAL, PRODUCT:  Core team compilation of important product characteristics from all sources.  All Special Characteristics must be listed on the Control Plan.  (6.3 #19 APQP)
CHARACTERISTIC, SPECIAL, PRODUCT (e.g., CRITICAL, KEY, MAJOR, SIGNIFICANT):  A product characteristic for which reasonably anticipated variation could significantly affect a product’s safety or compliance with governmental standards or regulations, or is likely to significantly affect customer satisfaction with a product.  (P55 FMEA)
CHARACTERISTIC, SPECIAL, TOOLING, CHRYSLER DEFINITION “Pentagon” <P>:  Critical tooling symbol used to identify special characteristics of fixtures, gages, developmental parts, and initial product parts.  (QS-9000)
CONTROL ITEM PART, FORD DEFINITION:  Product drawings/specifications containing Critical Characteristics.  Ford Design and Quality Engineering approval is required for changes to Control Item FMEA’s and Control Plans.  (QS-9000)

Critical Characteristics Matrix
What Is A Quality Management System?
In the Words of the ISO Folks:
“Both ISO 9000 and ISO 14000 are known as generic management system standards.”
“Generic means that the same standards can be applied to any organization, large or small, whatever its product – including whether its ‘product’’ is actually a service – in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.”
What this amounts to is the ISO 9001 requirements are what the ISO folks have determined to be ‘Best Practices’ in a business. The ISO folks comment that these are “…now available to small companies…”. I contend they always have been and, in fact, most of my smaller clients had well established systems which functioned quite well to begin with. It’s hard to say that their ISO registration process was particularly value added. As with the vast majority of companies, they were required by one or more customer(s) to register. Or the sales folks saw registration as a potential for increased sales (everyone’s doing it).

What is a QMS?
Are we talking about ISO 9001 or QS-9000 or what, here?
To start out, let’s discuss what you are planning to do. Throughout this document you will see ISO 9001 and QS-9000 cited. We are, at the bottom level, talking a System. With respect to ISO 9001 (and QS-9000 and TS 16949 for that matter) it is called a Quality Management System. With the ISO 9001:2000 release, page vi defines it in a diagram. Below is the version from the DIS. ISO 14001 requires an Environmental Management System.

ISO 9001:2000 QMS ‘Process Model’
ISO 9001:2000 QMS ‘Process Model’
One of the interesting parts of this system is Continuous Improvement of the Quality Management System is specified as the result. Not improvement of the product. One can argue if you improve you quality system the product should improve as well. However, this is just not always the case.

ISO 14001:1996 EMS ‘Process Model’
The below is from page vi of ISO 14001:1996.
Notice it is not drawn as a closed loop system as is the ISO 9001 system.

The ISO Standards
ISO 9000:2000 Quality management systems – Fundamentals and vocabulary
Establishes a starting point for understanding the standards and defines the fundamental terms and definitions used in the ISO 9000 family which you need to avoid misunderstandings in their use.
ISO 9001:2000 Quality management systems – Requirements
This is the requirement standard you use to assess your ability to meet customer and applicable regulatory requirements and thereby address customer satisfaction.
ISO 9004:2000 Quality management systems – Guidelines for performance improvements
This guideline standard provides guidance for continual improvement of your quality management system to benefit all parties through sustained customer satisfaction.
ISO 19011 Guidelines on Quality and/or Environmental Management Systems Auditing (currently under development)
Provides you with guidelines for verifying the system's ability to achieve defined quality objectives. You can use this standard internally or for auditing your suppliers.
ISO 10005:1995 Quality management – Guidelines for quality plans
Provides guidelines to assist in the preparation, review, acceptance and revision of quality plans.
ISO 10006:1997 Quality management – Guidelines to quality in project management
Guidelines to help you ensure the quality of both the project processes and the project products.
ISO 10007:1995 Quality management – Guidelines for configuration management
Guidelines to ensure that a complex product continues to function when components are changed individually.

Required Level II Flow Charts (Procedures)
4.2.3 Control of Documents
4.2.4 Control of Quality Records
8.2.2 Internal Audit
8.3 Control of Nonconformity
8.5.2 Corrective Action
8.5.3 Preventive Action

Some Other Expected Process Maps
Product ID / Traceability ( 7.5.2)
Customer Property (7.5.4)
Preservation of Product (7.5.5)
Validation of Processes (7.5.2)
Process Measurement / Monitoring (8.2.3)
Product Measurement / Monitoring (8.2.4)
Analysis / Improvement (8.4, 8.5)

ISO 9001 Distilled - 4
4 Quality management Systems
Systemic Requirements.
4.1 General Requirements
Establish your quality system.
Develop your quality management system.
Identify the processes that make up your quality system.
Describe your quality management processes.
Implement your quality management system.
Use quality system processes.
Manage process performance.
Improve your quality management system.
Monitor process performance.
Improve process performance.

ISO 9000 Distilled - 4.2
4.2 Documentation Requirements
Document your quality system.
4.2.1 General
Develop quality system documents.
Develop documents to implement your quality system.
Develop documents that reflect what your organization does.
4.2.2 Quality Manual
Prepare a quality system manual.
Define the scope of your quality system.
Document your procedures.
Describe how your processes interact.

ISO 9000 Distilled - 4.2.3
4.2.3 Control of Documents
Approve documents before your distribute them.
Provide the correct version of documents at points of use.
Review and re-approve documents whenever you update them.
Specify the current revision status of your documents.
Monitor documents that come from external sources.
Prevent the accidental use of obsolete documents.
Preserve the usability of your quality documents.
4.2.4  Control of Records
Use your records to prove that requirements have been met.
Develop a procedure to control your records.
Ensure that your records are useable.

ISO 9000 Distilled - 5
5 Management Responsibility
5.1  Management Commitment
Support quality and promote the importance of quality.
Promote the need to meet customer, regulatory, statutory requirements.
Develop and support a quality management system.
Formulate your organization's quality policy.
Set your organization's quality objectives.
Provide quality resources.
Implement your quality management system
Provide resources to implement your quality system.
Encourage personnel to meet quality system requirements.
Improve your quality management system
Perform quality management reviews.
Provide resources to improve the quality system.

ISO 9000 Distilled - 5.2
5.2 Customer Focus
Satisfy your customers.
Identify customer requirements.
Expect your organization to identify customer requirements.
Meet your customers' requirements.
Expect your organization to meet customer requirements.
Enhance customer satisfaction.
Expect your organization to enhance customer satisfaction.

ISO 9000 Distilled - 5.3
5.3 Quality Policy
Define and establish your organization's quality policy.
Ensure that it serves your organization's purpose.
Ensure that it emphasizes the need to meet requirements.
Ensure that it facilitates the development of quality objectives.
Ensure that it makes a commitment to continuous improvement.
Manage your organization's quality policy.
Communicate your policy to your organization.
Review your policy to ensure that it is still suitable.

ISO 9000 Distilled - 5.4
5.4   Planning
Carry out quality planning.
5.4.1 Quality Objectives
Formulate your quality objectives
Ensure that objectives are set for functional areas.
Ensure that objectives are set at organizational levels.
Ensure that objectives facilitate product realization.
Ensure that objectives support the quality policy.
Ensure that objectives are measurable.
5.4.2 Quality Management System Planning
Plan the development of your quality management system.
Plan the implementation of your quality management system.
Plan the improvement of your quality management system.
Plan modifications of your quality management system.

ISO 9000 Distilled - 5.5
5.5   Responsibility, Authority and Communication
Control your quality system.
5.5.1 Responsibility and Authority
Clearly define responsibilities and authorities.
Communicate responsibilities and authorities.
5.5.2   Management Representative
Assign a Management Representative.
Oversees your quality management system.
Reports on the status of your quality management system.
Supports the improvement of your quality management system.

ISO 9000 Distilled - 5.5.3
5.5.3 Internal Communication
Support internal communications.
Ensure
Internal communication processes are established.
Ensure that communication occurs throughout the organization.
5.6 Management Review
Perform management reviews.
5.6.1 General
Review quality management system.
Evaluate
The performance of your quality system.
Evaluate whether your quality system should be improved.

ISO 9000 Distilled - 5.6.2
5.6.2 Review Input
Examine
Management review inputs.
Audit results.
Product conformity data.
Opportunities to improve.
Feedback from customers.
Process performance information.
Corrective and preventive actions.
Changes that might affect your system.
Previous quality management reviews.
5.6.3 Review Output
Generate
Management review outputs.
Actions to improve your quality system.
Actions to improve your products.
Actions to address resource needs.

ISO 9000 Distilled - 6
6 Resource Management
6.1  Provision of Resources
Identify
Quality resource requirements.
Resources needed to support the quality system.
Resources needed to improve customer satisfaction.
Provide
Quality system resources.
Resources needed to support the quality system.
Resources needed to improve customer satisfaction.
6.2 Human Resources
Provide quality personnel.

ISO 9000 Distilled - 6.2.1
6.2.1 General
Use ‘competent’ personnel and Ensure:
Your personnel have appropriate experience.
Your personnel have appropriate education.
Your personnel have appropriate training.
Your personnel have appropriate skills.
6.2.2 Competence, Awareness and Training
Define acceptable levels of competence.
Identify training and awareness needs.
Deliver training and awareness programs.
Evaluate effectiveness of training and awareness.
Maintain a record of competence.

ISO 9000 Distilled - 6.3
6.3 Infrastructure
Provide an infrastructure for quality.
Identify during planning:
Infrastructure needs.
Building needs.
Workspace needs.
Hardware needs.
Software needs.
Utility needs.
Equipment needs.
Support service needs.

ISO 9000 Distilled - 6.3
6.3 Infrastructure (continued - I)
Provide Needed:
Infrastructure
Buildings
Workspaces
Hardware
Software
Utilities
Equipment
Support services

ISO 9000 Distilled - 6.3
6.3 Infrastructure (continued - II)
Maintain your:
Infrastructure
Buildings
Workspaces
Hardware
Software
Utilities
Equipment
Support services

ISO 9000 Distilled - 6.4
6.4   Work Environment
Provide a quality environment.
Identify needed work environment factors needed to ensure products meet requirements.
Manage needed work environment factors needed to ensure products meet requirements.

ISO 9000 Distilled - 7
7     Realization Requirements
7.1  Determination of Requirements Related to the Product
Control realization planning.
Plan product realization processes.
Define product quality objectives and requirements.
Identify your product realization needs and requirements.
Develop product realization:
Processes
Documents
Record keeping systems
Methods to control quality during product realization.

ISO 9000 Distilled - 7.2
7.2  Customer Related Processes
Control customer processes.
7.2.1 Identify customers' product requirements
Identify Requirements that:
Customers want you to meet
Are dictated by the product's use
Are imposed by external agencies
Your organization wishes to meet
7.2.2 Review customers' product requirements
Review requirements before you accept orders from customers.
Maintain a record of your product requirement reviews.
Control changes in product requirements.

ISO 9000 Distilled - 7.2.3
7.2.3 Customer Communication
Communicate with your customers.
Develop a process to control communications with customers.
Implement your customer communications process.
7.3  Design and Development
Control product development
7.3.1 Design and Development Planning
Have a Design System (Planning).
Define your product design and development stages.
Clarify design and development responsibilities and authorities.
Manage interactions between design and development groups.
Update your design and development plans as changes occur.

ISO 9000 Distilled - 7.3.2
7.3.2 Design and Development Inputs
Define design and development inputs.
Specify product design and development inputs.
Record product design and development input definitions.
Review product design and development input definitions.
7.3.3 Design and Development Outputs
Define and create product design and development outputs.
Approve design and development outputs prior to release.
Use design and development outputs to control product quality.

ISO 9000 Distilled - 7.3.4
7.3.4 Design and Development Review
Perform and record results of  product design and development reviews.
7.3.5 Design and Development Verification
Perform and record results of design and development verifications.
7.3.6 Design and Development Validation
Perform and record results of product design and development validations.

ISO 9000 Distilled - 7.3.7
7.3.7 Control of Design and Development Changes
Identify and record results of  changes in product design and development.
Review and record results of  changes in product design and development.
Verify changes in product design and development.
Validate changes in product design and development.
Approve changes before they are implemented.

ISO 9000 Distilled - 7.4
7.4 Purchasing
Control purchasing function with a system.
7.4.1 Purchasing Process
Maintain control purchasing process.
Ensure that purchased products meet requirements.
Ensure that suppliers meet requirements.
7.4.2 Purchasing Information
Document product purchases.
Describe the products being purchased.
Specify the requirements that must be met.

ISO 9000 Distilled - 7.4.3
7.4.3 Verification of Purchased Product
Verify products you purchase.
Verify purchased products at your own premises.
Verify purchased products at suppliers' premises (when required).

ISO 9000 Distilled - 7.5
7.5 Production and Service Provision
Control your operational activities.
7.5.1 Control of Production and Service Provision
Control production and service:
Processes
Information
Instructions
Equipment
Measurements
Activities

ISO 9000 Distilled - 7.5.2
7.5.2 Validation of Processes for Production and Service Provision
Validate production and services.
Prove that:
Special processes can produce planned outputs.
Process personnel can produce planned results.
Process equipment can produce planned results.
7.5.3 Identification and Traceability
Identify and track your products (when appropriate).
Establish the identity of your products (when appropriate).
Maintain the identity of your products (when appropriate).
Identify the status of your products (when appropriate).
Record the identity of your products (when required).

ISO 9000 Distilled - 7.5.4
7.5.4 Customer Property
Protect property supplied by customers.
Identify property supplied to you by your customers.
Verify property supplied to you by your customers.
Safeguard property supplied to you by your customers.
7.5.5 Preservation of Product
Preserve your products and components:
During internal processing.
During final delivery.

ISO 9000 Distilled - 7.6
7.6 Control of Monitoring and Measurement Devices
Use devices to ensure that your products meet requirements.
Identify monitoring and measuring needs.
Identify the monitoring and measuring that should be done.
Select monitoring and measuring devices that meet your monitoring and measuring needs.
Calibrate monitoring and measuring devices.
Perform calibrations.
Record calibrations.
Protect monitoring and measuring devices.
Protect your devices from unauthorized adjustment.
Protect your devices from damage or deterioration.
Validate monitoring and measuring software.
Validate monitoring and measuring software before you use it.
Revalidate monitoring and measuring software when necessary.

ISO 9000 Distilled - 8
8 Measurement, Analysis and Improvement
8.1 General
Plan your measurement processes.
How measurement processes will be used to assure conformity.
How measurement processes will be used to improve the system.
Implement and perform measurement processes.
Use measurement processes to demonstrate conformance.
Use measurement processes to improve quality management system.

ISO 9000 Distilled - 8.2
8.2 Monitoring and Measurement
Monitor and  measure quality.
8.2.1 Customer Satisfaction
Monitor and measure customer satisfaction.
Identify ways to monitor and measure customer satisfaction.
Monitor and measure customer satisfaction.
Use customer satisfaction information.

ISO 9000 Distilled - 8.2.2
8.2.2  Internal Audit
Plan and perform regular internal audits.
Set up an internal audit program.
Develop an internal audit procedure.
Plan your internal audit projects.
Perform regular internal audits.
Solve problems discovered during audits.
Verify that problems identified have been solved.

ISO 9000 Distilled - 8.2.3
8.2.3 Monitoring and Measurement of Processes
Monitor and measure quality processes.
Use suitable methods to monitor and measure your processes.
Take action when your processes fail to achieve planned results.
8.2.4 Monitoring and Measurement of Product
Monitor and measure product characteristics.
Verify that product characteristics are being met.
Keep a record of product monitoring and measuring activities.

ISO 9000 Distilled - 8.3
8.3 Control of Nonconforming Product
Develop a procedure to control nonconforming products.
Define how nonconforming products should be identified.
Define how nonconforming products should be handled.
Identify and control your nonconforming products.
Eliminate / Correct product nonconformities.
Prevent the delivery or use of nonconforming products.
Avoid the inappropriate use of nonconforming products.
Re-verify nonconforming products that were corrected.
Prove that corrected products now meet requirements.
Control nonconforming products after delivery or use.
Control events when you deliver or use nonconforming products.
Maintain records of nonconforming products.
Describe your product nonconformities.
Describe the actions taken to deal with nonconformities.

ISO 9000 Distilled - 8.4
8.4  Analysis of Data
Analyze quality information. Define:
Quality management information needs.
Information you need to evaluate your quality system.
Information you need to improve your quality system.
Collect quality management system data.
Monitor and measure the suitability of your quality system.
Monitor and measure the effectiveness of your quality system.
Provide quality management information:
About your customers.
About your suppliers.
About your products.
About your processes.

ISO 9000 Distilled - 8.5
8.5 Improvement
Make quality improvements
8.5.1 Continual Improvement
Improve quality management system
Use your audits to generate improvements.
Use your quality data to generate improvements.
Use your quality policy to generate improvements.
Use your quality objectives to generate improvements.
Use your management reviews to generate improvements.
Use your corrective actions to generate improvements.
Use your preventive actions to generate improvements.

ISO 9000 Distilled - 8.5.2
8.5.2 Corrective Action
Correct nonconformities.
Review your nonconformities.
Figure out what causes your nonconformities.
Evaluate whether you need to take corrective action.
Develop and take corrective actions to prevent recurrence when they are necessary.
Record the results that your corrective actions achieve.
Examine the effectiveness of your corrective actions.

ISO 9000 Distilled - 8.5.3
8.5.3 Preventive Action
Prevent potential nonconformities.
Detect potential nonconformities.
Identify the causes of potential nonconformities.
Study the effects of potential nonconformities.
Evaluate whether you need to take preventive action.
Develop and take preventive actions to eliminate causes.
Record the results that your preventive actions achieve.
Verify and document the effectiveness of your preventive actions.

Implementation
Implementing ISO 9001:2000
Some of you will be implementing in small companies. Some of you will be implementing in very large companies. In this document there is a mix of information. Some is appropriate to larger companies and some is targeted to smaller companies. In general it should be obvious but the rule of thumb is the bigger the company the more complex the issues become. Multi-nationals are the most complex, as one would expect.
While this presentation is aimed at ISO 9001, it applies to ISO 14001 and QS-9000 as well, for the most part. There are a number of additional issues associated with QS-9000, however in general the intent is the same in so far as the ISO 9001:1994 requirements basis. Implementing ISO 9001 vs. QS-9000 is  no different. From sweeps to document mapping, you have to determine what you have, what you need and how you want to get to the finish line.
Do not forget that implementing a QMS is a project.

The Fed Ex Registration
Food for thought… Discussion at: http://16949.com/ubb/Forum2/HTML/000078.html
Subject: RE: ISO 9001 Certified Virtual Office
Just as a point of clarification, the Fed-Ex audit approach was an exception to the rule. You are correct in stating that registrars need to follow rules for multi-site sampling. In this unique case, the RAB did approve the unusual approach used by the registrar. The exception was approved due to the unique design of Fed-Ex's systems. It is unlikely that another organization will duplicate these systems. Therefore, we should not expect to see this unique audit approach used for other organizations.
Indeed it was a virtual audit because hundreds of field offices were audited without the auditor physically being there. My agreement of confidentiality does not allow me to share more with you. Unless you fully understand how the Fed-Ex systems is set up, it is difficult to see that conducting a virtual audit is possible. It remains a controversial certification because of the approach used and the fact that it has not yet been used at another organization.

A Consultant?
Basic Reasons To Consider A Consultant
To help plan your project
An efficient implementation begins with a solid plan, taking into account those things you need to work on, leaving out those things which are already in place, and developing an accurate estimate of how long each implementation phase should take.
To help interpret the standard
A consultant who understands the standard's requirements can prevent wasted time doing things the standard does not require, or doing things in a way that does not meet the standard.  You do not want to have to undo any of your hard work.
To allow you to benefit from experience
Using a consultant allows you to begin work right away without having to learn things on your own, and without having to learn by your mistakes.
To watch your timeline
A consultant can work with your steering team and ISO point teams and make sure the work is done within the time allowed on the timeline.

Role of Consultant - Piano Teacher?
‘Full Service’
On-site full-time for the duration of the project. Various roles & Responsibilities.
Visits - As Required
Track progress through interviews (meetings) and ‘internal audits’. Address interpretations issues. Help with systems design.
Internet / Phone
Verify systems documents
Discuss interpretations and systems
Answer general questions
NOTES: Training can be  applied to any of the above but is on-site.
Internet / Phone is always available

Deliverables
Dependent Upon The Client’s Needs and Expectations
Must Be Agreed To In Advance
May Change During Project
May Include:
Project Management
Systems Design
Systems Documentation
Training
Internal Auditing

Implementation Guarantees
Some companies offer ‘guarantees’. Consider the details / requirements carefully.
Typical Disclaimer Example
“The ISO 9001 Network guarantees that your company will achieve ISO 9001, QS-9000, or ISO 14000 certification if you follow our program.” - From http://www.isonet.com/Gaurantee.htm (sic)
The time it takes to implement a system is inversely proportional to the company’s involvement and prioritization. As involvement and/or priority increases, time decreases. Pretty much a ‘no brainer’.

Example Guarantee Program
8-Step Guaranteed Registration Plan
PIC has now designed a cost effective training and consulting package to help your organization achieve registration -- GUARANTEED!
Our philosophy is to assist your company in developing and applying the skills necessary to plan, implement and achieve registration.
Our 8-Step Guaranteed Registration Plan includes:
1. ISO/QS-9000 Introduction Seminar - Training
2. ISO/QS-9000 Awareness Sessions - Training
3. ISO/QS-9000 Needs Assessment - Consulting
4. ISO/QS-9000 Implementation/Documentation - Training
5. ISO/QS-9000 System Development, Consulting, Coaching, Training
6. Choosing a Registrar - Consulting
7. Part A: ISO/QS-9000 Internal Auditor Training
Part B: Internal Auditor Site Coaching - Training
8. Part A: Pre-Assessment Audit - Consulting
Part B: Registration Audit - Consulting

A Consultant? Some Last Thoughts...
1. Prepare a statement outlining the nature, scope and objectives of the assignment.
2. Circulate this written statement to the key people in your organization inviting them to comment by a specific date in terms of whether it defines the need accurately and whether the assignment should be tackled internally or external help sought.
3. Define the expertise you will need.
4. Invite the consultant for an interview.
5. Brief the staff who will be involved in the selection process.
6. Avoid organization jargon.
7. Ask the consultant to describe how the assignment will be approached.
8. Request references, in confidence, to provide real examples of previous assignments carried out and check with the referees how successfully the assignment was carried out. Do not buy on price alone.
9. Express the assignment you wish carried out in terms of the end results, i.e. outputs, that you want to achieve.
10. IF YOU PROCEED… Provide resources and executive commitment. There is no point in seeking consultancy help unless you have the will, the resources and the organization resolve to follow the advice you get.

Implementation - The Process
Implementation Strategies
Compressed Project
Drop Dead Date
High Priority Project Management Approach
Intimate high level management involvement
Regular Scheduled Meetings
Business As Usual
Low stress
Low Priority Project Management Approach
Slipping schedule not critical
Irregular Meetings
Meandering
Slipping schedule not important
Low level management support / involvement
Irregular meetings
Project tends to ‘Fade Away’

Project Scope Considerations
Single Location
Current company / facility status
Scope of registration
Training needs
Implementation strategy
Resource allotment
Multiple Locations
Single or shared certificate
Degree of shared documentation
Degree of shared data / information systems
Network Capacity / Capability
NOTE: Single location considerations all apply to multiple location projects.

Implementation Commandments
You cannot give someone a responsibility without publicly conferring authority to act.
If top management doesn’t care, no one else will care.
If planned meetings are not attended, ‘someone’ isn’t serious about their part in the project.
Track the project publicly. Publicize status weekly or bi-weekly.
Communication may not be everything, but it is the largest single stumbling block. No camps with walls.
If people do not have enough time to begin with, they won’t have time for this.

Initial Basic Suggestions
I suggest you make and use a ‘history’ binder.
Make a list of your departmental ‘responsibilities’.
Think INPUTS and OUTPUTS
Prioritize each into ‘Tiers’ or ‘Levels’ in accordance with the Document Pyramid herein. Categorization is approximate.
Make a Plan or Schedule for each.
Always ask, as the auditor will:
“Does this affect the quality of our product(s)?”

‘Standard’ General Registration Path
Assess your situation (Pre-assessment)
Also called Gap Analysis
Consultant?
Define a plan with time line & begin
Interview and choose registrar
Documentation processes
Manage transitional activities
Registrar document review
Registrar pre-assessment
Corrective actions
Registration audit
Implementation time frame: 3 months to 2 years

Top Level Project Flow
‘Typical’ Detailed Implementation Steps Example
1 Determine Specific Requirement(s)
2 Define Time to Complete Requirement
3 Define Scope of Assessment
4 Project Set-Ups
5 Write Company Quality Systems Manual
6 Document Company Quality Policy
7 Define Documentation Systems
8 Document Master Numbering System
9 Establish Master Binders
10 Procedures History Binder
11 Project Master Binder
12 Review Status
13 Contact Registrar
14 Agree on Scope
15 Agree On Fees (Try to Bargain)
16 Agree On Audit Date(s)
17 Submit Required Documentation
18 Review Status
19 Awareness & Information Meetings - Hourly
20 ISO 9000 Awareness
21 Work Instructions & Documentation
22 Auditee Training
23 Awareness Reinforcement
24 Review Status
25 Tier 2 (Systems) Documentation
26 Gather Documentation Examples
27 Cross-Area Teams Define & Flow Chart Master Systems
28 Systemic Needs Analysis (Data From Walk-Thrus & Audits)
29 Determine & Integrate Additional Systems Requirements
30 Systems Procedural Documentation & Flow Chart Integration

Project Definition
Defining Responsibilities
Example Organizational Chart
Before you do anything else, be sure you have defined responsibilities from the top down. This is the typical method - An Organizational Chart.

Top Management
ISO talks about 'Top Management'. Pundits talk about how ISO can only succeed if 'Top Management' is involved. Just who is Top Management?
In your registration it will depend upon your company. I have argued that top management support is not always necessary for an implementation to succeed. In fact, often the 'real' top management of a company is hardly, if at all, involved. This is very common in sole proprietor situations. The owner, though involved in the business to some degree, essentially delegates all responsibility to a plant manager or other position. The owner often never even meets the registration auditors.
You have to take a good look at your company structure to determine who, in your company or facility, will be the 'targets' (Top Management).
See Clause_Interp_and_Upgrading.doc for details.

Responsibilities
Let's talk about Responsibilities
There are a number of ways to look at defining responsibilities.
Organizational Charts
Smaller companies usually only require a single 'org chart'. I have seen some put it right in the front of their 'quality manual'.
Many companies have numerous organizational charts from high level 'corporate masters' down to the level of each individual department. In larger companies, it should be noted, that these are typically in a state of flux. New 'positions' are made and others are eliminated. It is important for you to note that these are Controlled documents. A somewhat common failure mode is a loss of control or not defining who is responsible for the control of the organizational charts.
Matrices
Procedures

Other Responsibilities
The following are matrices used to define responsibilities in another way. We have discussed org charts, procedures and such, but what about people knowing what they are responsible for knowing and following?
Typically this is done during employee training. But - right now we're implementing. How do we know who is responsible for knowing about what and who is responsible for what systems.
The following slides are from an old implementation, however they may serve to illustrate tracking a large implementation project.

An Example Area ‘Element Responsibility’ Chart
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Department Specific Responsibility Tracking
Typical Failure Modes
Can’t explain systems and/or documentation
Lack of management involvement
Personnel not following documentation
Poor communication and/or training
Lack of documentation
No or inadequate document control
Poor record keeping and systems
More details at http://www.16949.com/failure.html

Critical Success Factors
Dedicated ‘Company Knowledgebase’
(Coordinator and/or Management Representative)
Pre-assessment (document and interview)
Involved, supportive top management
Receptive culture
Focus on business rather than functional areas
Prioritize processes based on customer needs, anticipated benefits, and potential for success

United States - IRS Deduction Ruling
IRS Revenue Ruling 2000-4
Implementation costs are tax deductible in the same year.
Registration costs and registration upkeep costs are tax deductible in the same year.
Internal man hours
Internal capital expenses
Consultant fees
I have seen combined implementation / registrar costs as low as US$10,000 and as high as US$10+M.

A Plan - Think Project
Example Project Plan Snippet
Support of Upper Management?
On 2/7/01 12:31 PM in article [email protected] worldnet.att.net, WL at [email protected] wrote :
>> You could bet your house on the statement "never, ever has
>>  there been an implementation of any quality system without
>>  top management's full support".
>>
>> Many champions of change have tried, and been fired for their
>> insubordination.
Nonsense. Many implementations do, in fact, succeed without the 'full' support of top management. Change your statement to read "...without some support from top management..." and I'll agree. Also see the Project Kickoff slide herein.

A Management Committee
Most companies establish a management committee (Steering Committee) to ensure buy-in and to ensure communication. No one likes dictates and surprises in an implementation project.
Obviously if there are only 25 employees in your company a committee may not make sense. However, this does not reduce the necessity to appropriately (we must use common sense here) communicate with employees to ensure everyone has a chance to buy into the process, provide inputs and to respond to outputs.

Project Kickoff
Many companies schedule a Kickoff Meeting to establish the project as official. While it is typical for ‘upper management’ (the ‘top dog’) to play a mostly invisible part in the project, the ‘top dog’ should be at this meeting as well as other ‘upper’ and middle management folks. The ‘top dog’ should (must?) voice his/her total support for the project.
This is where top management personally pledges support for the project.

What Does This Mean To YOU?
Check your local newspaper ‘Help Wanted’ advertisements.
You will see ISO9000 Experience Preferred or ISO9000 Experience Required.
No matter where you go in the world, working in an ISO 9000 environment is a Plus in employment.

Premise
Old:
The other shift must have done that.
That’s not my job.
I’m manufacturing (or quality or whatever...)
They brought it to me that way.
New:
Check incoming.
It is everyone’s job to Be Involved and to Care.
We’re all one company! It’s your job, too!
Communicate!

Discovery!  The Sweeps!
Open your eyes during this Discovery Period - there are things you can’t see.
Ask yourself about what your jobs are and the details of each job.
Self Inspection - Be aware of the output of your jobs. You are responsible.
Be looking for improvements at all times.
Remember that we are not here to blindly document everything.

Success Based Upon
Communication - ensure your ‘borders’, talk to your neighbors.
Communication - your business is a machine where many parts must ‘talk’ to each other.
Communication - tell your neighbor your problems and listen to your neighbor’s problems.

Old and New
Most of your audits up until now have been Product and Process audits by Customers.
ISO9000 is a Systems audit which focuses on all systems and all products. A significant feature is a focus on process interactions.

Remember -- The Idea is NOT....
To start a lot of new documentation. Scott Adams is wrong (Dilbert). Not everything, like handling (often), has to be documented. But - we must use common sense.
To change the way you do things every day.
To ‘Right Every Wrong’. Take the easy stuff and change it. Take the ‘Hard’ stuff - Identify it and make a Plan to address the issue

The Basics
Say What You Do
This means document your systems so you will consistently do the job the same way every time. We must make sure we have appropriate documentation. Use common sense!
Do What You Say
This is what the auditors want to see. Objective evidence that what you say you are doing in your documentation is what you are doing in practice.

Things to Know
Know what documentation affects YOU!
You must know what documentation applies to your job. This should have been told to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
Know what training you have had. If you do not know, ASK YOUR SUPERVISOR NOW! Don’t wait until the audit!

Organization and Friendliness
Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?

Managers Should Think About...
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
What is your company policy on white-out?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?

Last Things to Think About
Employee Training - System in Process
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
Work Areas
Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?

A “War Room”
(Status and Tracking)
Discovery and Classification
Define Document Types
(Classifications)
More on Documentation
Interviewing A Registrar
Basics
I want to remind you that choosing a registrar is like choosing a life partner. While it may not be ‘Until death do us part’, it is quite close.
The intent herein is not for every question to be asked, but rather as a sort of check list to jog your thoughts with respect to YOUR company’s requirements.
Do remember that anything not discussed early is subject to interpretation later!
Some important starters:
Who (e.g.: RAB) is the registrar approved by?
Will the registrar  provide client names and references?
How many Man days and how many Auditors? (Registration vs Surveillance)
How do they conduct surveillance visits? Scheduled or unscheduled?
Note: There is some redundancy of questions within this presentation.

Inform & Discuss
Plant Layout - Have a copy to give them for planning.
Number of shifts and employees per shift - What shifts will be audited? What hours?
Pre-assessment Audit? - If so, Scope. I prefer the preassessment to be limited to an in-house document and systems review (Quality Manual, all tier [level] 2’s and any related documentation). My concern is less ‘are the folks following documentation’ than ‘is the documentation and are the systems acceptable’ to the registrar. We can assure the folks are following documentation internally. Note: One company I spoke with charged for a Pre-assessment whether you had one or not. I was told that if they did not do a pre-assessment they would have to spend more time during the registration assessment.
NOTE: Documentation failure is the most common registration failure mode.
DoD and other Sensitive Areas - Make sure everyone agrees on how they will address the ‘Secret’ / ‘Top Secret’ aspects of your company’s business. This will probably be a function of scope.

About The Auditors
What are the registrar’s qualifications requirements for auditors? (for hiring or using an auditor) Are the auditors trained and certified under ISO 10011 (guidelines for auditing quality systems)?
How many organizations has the typical auditor certified? (Audits per year)
How many assessors does the registrar have?
What is the turnover rate for assessors in the registrar’s company? If there is high turnover that will affect the consistency of the assessment service they provide.
How are auditor substitutions handled?
Does the company provide training for auditors and other personnel to keep them abreast of developments in their specific discipline? Are there training records? Frequency of training?
Will he/she/they (auditor[s]) be available for an interview for your company to assess their suitability? (I doubt you will really want to do this, but many big companies do this.)

Questions & Thoughts 1
What are your requirements as a registrar above and beyond ISO9001?
Request hard copy of their ‘Contract Requirements’
Ask if there are any requirements not on their ‘Contract Requirements’ listing.
Are the registrar’s auditors direct hire full-time employees or are they contract?
Will your company have the same Lead Auditor every audit (a Project Lead Auditor)?
NOTE:  Most registrars ‘appoint’ a specific person as a project manager (project lead auditor or what ever the registrar calls it). Ask about how the registrar you are interviewing structures their projects.
Will the registrar send the Project Lead Auditor on each audit or will a substitute be assigned for surveillance audits?
Will only the Lead Auditor have experience in the industry or will every member of the audit team?

Questions & Thoughts 2
How far in advance do they notify you of an impending audit, and provide you with an audit schedule. This will help you prepare for the audit easily if they provide at least 6 weeks.
How many hours per day is planned during an audit? Some companies consider a day in-plant as 6 hours saying the other time is ‘report writing’ time.
Ask the registrar to explain the details of their billing.
Are there any extra charges and tie this down in a written quote. Are travel and lodging expenses covered by the bid? Rental car(s)? There are stories of some companies charging extra for each non-conformance report.
What quality system does the registrar have in place? Request a copy of their Quality Manual.
 Will they provide you with their internal audit schedule and results of audits and corrective and preventative action?

Questions & Thoughts 3
How long will it take them to issue you a certificate once they have recommended you for approval?
How long has the registrar been in business, and do they have any European or Far East affiliates in the registration business?
If you will one day be going for ISO14000, does the registrar support this standard as well, and would they be able to combine (thereby reducing the man-days at your site, and $s) the ISO9000 audit with the 14000 audit?
Who does documentation assessment and who does the audit? What is their experience / qualifications?

The Audits
How many Man Days?
Registration Audit
Surveillance Audits
How many weeks in advance do they provide the detailed audit schedule?
Is there a ‘Complete’ re-audit every three years? Or do they audit on a ‘continuous’ basis?
Surveillance Audits
Frequency - Every 6 months or yearly? (Ask their thoughts)
How much is audited in each surveillance audit?

Communications
I want to address this briefly, but note it is very important. One registrar I dealt with took over a month to respond to questions. A week maximum is appropriate. I’ve seen phone calls to be returned forgotten. This area can be critical to your company. You want a responsive registrar.
How long does it take their office to respond to questions (typically)?
If it becomes necessary to speak with the Project Lead Auditor, how is that done and how soon after the request will the Project Lead Auditor contact your company?

Specification Interpretations
One of the biggest complaints with ISO9001 is interpretation of the standard. Each auditor has his/her own paradigm and thus expectations. This is one of the reasons why having the same auditors is preferred. This is also the reason why I prefer the pre-assessment be limited to an on-site document review where the auditors set up in offices or a conference room. There they review the Quality Manual against the level 2’s in interviews. Level 3 documents are reviewed and objective evidence provided as requested - however, this is all done in the conference room, NOT on the floor. In short - Are our systems acceptable.
This type of audit is a Verification Audit as opposed to a Validation Audit which is where they actually hit the floor. Now - the 2 big questions:
1)  How are disputes with an audit finding handled? Ask them to explain their system. (Request a copy of their procedure!)
2)  How does the registrar ensure consistency of interpretations within their company? Some companies have weekly in-house meetings, some have conference calls, some do nothing. THIS IS IMPORTANT!!!

What’s In A Contract Anyway?
When you get a copy of the registrar's contract, read every word and try to imagine the worst possible scenario. Some time back when I was casting about for a registrar, one sent me a contract which stated the following for audit costs:
XXXXXX "reserves the right to increase charges during the certification period".
Another said: "...approximately 45 days prior to the anniversary date of certificate issuance, XXXXXX shall notify the client in writing of the annual costs to maintain the certificate."
These appear to me to be licenses to steal. It would seem prudent to get these things tied down in your initial contract.
Remember: Contract Review!

Audit Nonconformance Questions
How shall we be notified of non-conformancies or deficiencies?
What is the typical response time allowed for initial response to a nonconformance identified during an audit:
Major nonconformance
Minor nonconformance
Will a nonconformance during the initial assessment require a partial or follow up assessment to verify corrective action? If yes, what shall the cost of follow up audits be?
NOTE: Typically if there are 1 or more MAJOR non-conformances, they have to make a return visit. Minors are typically followed up by mail, FAX, etc.
Can we be recommended for certification if there are still some minor open non-conformances? Determine details.
How many months of internal audit records do you require before scheduling an audit?

Project Actions
Sweeps - The Discovery Phase
Sweeps
Where to Start - Documentation
Discovery Inventory

Identification
Choose a method of verifying a swept area.
One method I have used it to obtain some sheets of adhesive labels (we used the small coloured dots). You might want to make sure they are ‘easy peel’ labels. Label every drawer, shelf and other area swept ‘as you go’. Person checking initials, dates and places the dot where it is easily seen.

Sweeping An Area - I
Things to look for:
Documents
Local “How To…” documents
Specifications
Prints
Forms, Tags
Measurement and Test Equipment
Where to look:
On every shelf
In every drawer
At every work station
On every wall
Under every table, desk, etc.

Sweeping An Area - II
Things to ask yourself as you look:
Documents
Is there a date on the document?
Does it appear to be ‘valid’ (current)?
If it is a hand written document or a company ‘memo’, is there a name or department on it? Whose is it?
Is it a system document? What system?
Shelves
What is on the shelf? Is it garbage?
Is the shelf labeled? Are some shelves labeled and some not labeled? If so, why?
If the shelf is labeled, does what is on the shelf match the shelf label?

Some Things To Think About...
Work Instructions
Does Your Job Have Relevant Work Instructions? Does It Need Work Instructions?
Are Work Instructions Controlled?
Is Each Signed & Dated?
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Equipment Preventive Maintenance
Are All Equipment PMs Up To Date and to a Schedule?

More(!) Things to Think About
Defective Material
Is Defective Material Identified and Segregated? How?
Is A Defective Material ‘HOLD’ Area Identified?
Work Areas
Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?
Employee Training
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained? How do we know?
Where Are Training Records Kept?
Are Training Records Up To Date?

Organization and Friendliness
Look at shelves, work areas.
Are they obviously orderly?
Are they ‘friendly’ to work with?
Are shelf labels correct?
Is there anything like glue or ink which has an expiration date?
Common sense
Are carriers stacked correctly?
Are there any old labels or other identification on carriers?

Discovery Phase (Sweeps) Check List
Discovery Phase Check List
Documentation - The Details
Why the Stress on Documentation?
The majority of failures in both QS and ISO 9000 registration efforts has been, and continues to be, 4.2 Documentation Requirements (QS element 4.5).
This issue is almost always evident from my first visit and I believe we all know this is typically a deep problem.
Discontinuity is often discovered in the documentation. Even Quality Manuals are shown to have invalid links.
Auditors will focus on the continuity and flow of documentation. Inconsistencies can keep the facility from passing the registration audit.

What is Documentation?
Documentation is much talked about. There are different types. At Motorola, for example, there are corporate 12M’s. Sectors each have SOPs and maintains a Quality Systems Manual. Each facility has their own specific documentation (which must correlate with Sector and corporate documentation. There is also process documentation in the manufacturing areas.
Everyone uses documentation outside of work. If you buy something (like a clock), there are instructions in the box. That is documentation.
Think of documentation as instructions. Documentation explains how to do things.
The auditor’s job is to make sure everyone is ‘Following Instructions’.

An Everyday Work Instruction
This is the ‘Work Instruction’ which comes with an aquarium heater. It gives the user some basic information. Note that there are  graphics (several in multiple languages) in addition to the basic text. There is also a ‘selection’ guide for the purchaser.

What is Controlled Documentation?
A controlled document is typically one that is Revision sensitive - BUT - Not always!!
If a controlled document is changed, a record of the change has to be made. This means we must have a History of All Changes.
If a document is changed, people who use it must know about the change. This means there has to be a distribution list or other effective way to let everyone who uses it know the document has changed.
Every employee must know how to check to see if documentation they are using is the most current version.

‘Standard’ Documentation Pyramid
Documentation
Organization Charts
Procedures
Forms
Tags
Prints
Specifications
Statistical Data
Inspection & Test Results

Myths vs. Truths
Documentation Is Meant To Be Easily Changed
The Less Documentation, The Better

Basic Rules
Your Job & Documentation
SAY What You Do
Documentation
DO What You Say You Do
Actions
If It’s Not WRITTEN Down, It DIDN’T Happen

Quality Records
What Are Quality Records?
Any record where data is taken where the data is a result of inspection and/or test
Any record which provides for traceability
Nonconformance related documents
The bottom line here is we have to review our documents in a general sense and identify those which relate to quality issues

Typical Types of Records
Management Review Records
Contract Review Records
Purchasing (Purchase Orders)
Identification and Traceability
Process Control
Inspection and Test Reports and Records
Qualification Reports
Validation Reports
Material Review Reports
Control of Measurement and Test Equipment
Calibration Reports/Data
Non-conforming Product
Disposition Records
Corrective and Preventive Action
Internal Quality Audits
Training Records

Records Management Activities
Management of Active records
Records creation (forms)
Design of records system
Retention schedule
Vital records protection
Development of records procedures
Indexing
Filing
Access
Disposition

Records Required By ISO 9001:2000
5.6.1 Management review minutes / etc.
6.2.2 (e) Education, training, skills and experience.
7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
7.3.2 Design and development inputs.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.3.7 Results of the review of design and development changes and any necessary actions.
7.4.1 Results of supplier evaluations and actions arising from the evaluations.
7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
7.5.3 The unique identification of the product, where traceability is a requirement.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results.
8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
8.5.2 Results of corrective actions.
8.5.3 Results of preventive actions.

Document Mapping
Document Mapping
In a structured system, there are ‘levels’ of documentation. In general terms we have the description of documentation in levels or tiers. As we learned earlier there are typically 4 tiers of documentation in an organization (excluding Ad Hoc documents).
The top tiers normally guide the content and focus of the bottom tiers. In short, each successive lower tier is DEPENDENT upon the upper tier which defines it. This is said to be a ‘Flow Down’ of requirements.
Higher level documents normally cite lower level documents. These citations are important as they form a ‘trail’ which can be followed. The top level documents tend to be general and to some extent vague while the lower level documents provide increasing detail.
Sometimes the reverse also happens - lower level documents cite higher level documents internally. There is controversy as to whether this is ‘good’ practice. In my opinion, requirements should Never flow up.
Document mapping is more important now than ever as mature companies shift towards interdisciplinary (cross-functional) communication and operation. The old way was for departments to ‘pass off’ to another department. The new way causes everyone to be involved. In short, the rise of the importance of Teams requires documentation to be more integrated and consistent - and thus the need for control is greater. This is also the reason for the ‘review’ requirement.

Mapping Aspects
Mapping starts at the top with the QA Systems Manual. This may be a sector manual or it may be a local manual.
Validation - When you map documents, you ‘verify’ links between documents (where one document cites another within it). The first thing to verify is that the cited document exists.
A second aspect of mapping is to verify that the content of the citation is relative. This is to say that the links should ‘make sense’. If a citation in one document says something like “The audit will be performed in accordance with procedure ABC-1234” and procedure ABC-1234 is titled ‘Calibration of Pressure Gages’, it is evident that the link is NOT Valid! It does not make sense!
After verifying that the linked document both exists and that the links are ‘relative’ and make sense, the document is mapped to the matrix relative to the mapping project. In our case the matrix is QS 9000 line items against the document ‘class’.

Document Tiers & Classes
It is uncommon to find ‘Pure’ documents. That is to say, it is not very often you find a document which one can clearly define as ‘only’ Tier I or Tier II or Tier III. In almost all cases there is some cross over. A good example is a Tier III document which becomes a Tier IV document. In this case we have a document which is a Tier III Procedure with some places which which will eventually be filled with data - which will then make it a Record (Tier IV).
The idea of a defined border and thus a pure document is fine, but is seldom actually seen. Normally the closest you will come is with the Quality Systems Manual. A QSM will normally be the ‘purest’ document you will find within any given system.
Purity is to some degree a function of company size. A company with only 20 to 50 employees with simple processes will generally have little need for ‘pure’ structure. The necessity of structure in very large companies necessitates a more defined documentation structure in large part due to necessary overall complexity.
Also consider the idea of document classes. Classes may include production documents, engineering documents, Human Resources documents, maintenance documents, etc. From this we should understand there are usually several classes of documents in any given tier.
Document classes are related to document tiers. In most companies there are multiple document ‘classes’. These classes are always Tier II or lower.

High Level Documentation Structure
Local Documentation Tiers
Typical Documentation Tiers
Flow Up vs Flow Down
Not all documents have flow down requirements.
Flow downs are normal.
Flow downs generally reference lower level documents, but references are not mandatory.
Flow Ups MUST *NEVER* be found.

Documentation Compliance Considerations
Mapping - Two Aspects
Line Item Matrix Mapping
Determination of Required Documents
Once you have completed mapping your documents, you want to revisit your requirements matrix. You have gone through an initial Gap Analysis where a determination was made as to what systems exist and which ones do not. Typically the Gap Analysis gives you an idea of what Level II documents and systems are required. At this point we want to look at what Level IIIs and Level IVs exist.

Summary
Mapping internal documents is:
Verify internal reference documents exist and that the names and numbers ‘make sense’
Verify that the link subject matter makes sense and that requirements flow down
Find where the document fits in the ISO 9001 line item matrix
Examine matrix for redundancy

Process Mapping
Why Process Maps?
Typical Top Level Operations Flowchart
Business As A System (Process)
Use a Process Flow Chart!
Because:
You want to understand your current process
You are looking for opportunities to improve
You want to illustrate a potential solution
You have improved a process and want to document the new process

Creating a Process Flow Chart
1. Identify the process or task you want to analyze. Defining the scope of the process is important because it will keep the improvement effort from becoming unmanageable.
2. Ask the people most familiar with the process to help construct the chart.
3. Agree on the starting point and ending point. Defining the scope of the process to be charted is very important, otherwise the task can become unwieldy.
4. Agree on the level of detail you will use. It’s better to start out with less detail, increasing the detail only as needed to accomplish your purpose.

Creating a Process Flow Chart
5. Look for areas for improvement
Is the process standardized, or are the people doing the work in different ways?
Are steps repeated or out of sequence?
Are there steps that do not ad value to the output?
Are there steps where errors occur frequently?
Are there rework loops?
6. Identify the sequence and the steps taken to carry out the process.
7. Construct the process flow chart either from left to right or from top to bottom, using the standard symbols and connecting the steps with arrows.
8. Analyze the results.
Where are the rework loops?
Are there process steps that don’t add value to the output?
Where are the differences between the current and the desired situation?

Early Process Flow Diagram
Flowchart
Benefits of Using Flowcharts
Promotes understanding of a process
Identifies problem areas and opportunities for process improvement
Provides a way of training employees
Depicts customer-supplier relationships

Symbols Used In Flowcharts
Basic Flow Chart Example - High Level
Basic Flow Chart Example - High Level
Flow Chart Example - Low Level
Process Map Elements
Process Map Elements
Process Map Elements
7 Steps to Process Mapping
Process Mapping Worksheets
Process Mapping Steps 1 and 2
Process Mapping Step 3
Process Mapping Step 4
Process Mapping Step 4
Job Descriptions
At this time you should be looking at what job descriptions you have and determining what job descriptions you need.
Please don’t forget job descriptions!

Process Mapping Step 4
Process Mapping Step 5
Process Mapping Step 6
Internal Audits
Internal Audits
You must complete at least 1 full round of internal audits prior to your registration. In addition, you have to show at least one example of where a nonconformance was identified and corrected. You must also show where you verified the effectiveness of the corrective action.
Drive your implementation through Internal Audits.
You can use internal audits as a method of training departmental managers and others. As you go through the audit, you explain the basics of that person’s responsibilities with respect to ISO 9001. You can also explain the basics of ISO 9001, go over the Quality Policy, etc.
These internal audits may prove to be long and problematic. This should be expected because employees are all learning about ISO 9001 and the requirements. Sometimes they’re learning new systems and such as well.
You may want to take a read through http://16949.com/Audit/

The Internal Audit
The Systematic Investigation
of the Intent, Implementation, and Effectiveness
  of Selected Aspects of the Systems
  of an Organization
or One or More of It’s Departments

A Typical Audit Process
Internal Audit Goal
To Collect
Objective Evidence
To Permit An
Informed Judgment
About The
Status and Effectiveness
Of The Systems Audited

Objective Evidence
It exists
Not influenced by emotion or prejudice
Based on observation
Verbal or documented
Verifiable
May be quantitative
Within the systems being audited

Many Requirements
QS/ISO 9001
Contract Requirements
Company System Requirements
    (Policy, Procedures, Instructions)
OSHA
EPA
Federal and State Regulatory

Internal Audits
Schedule Example
Outsourcing Internal Audits
Many smaller companies outsource internal audits.
Many large companies have a distinct department which carries out internal audits at facilities world-wide.
There are a number of possible failure modes in internal auditing. You will have to make your own decision. My opinion is to outsource internal audits.
Details are discussed in two threads:
http://16949.com/ubb/Forum13/HTML/000041.html
http://16949.com/ubb/Forum2/HTML/000123.html

Project Fulfillment
Enter The Registrar
The Registrar’s Document Review
Prior to a pre-assessment, your registrar will want to review your documentation. Typically, they want your Systems Manual (Quality Manual) and a copy of your level II documents. However, some registrars only require your quality manual. ASK them specifically what they want submitted for review.
You should not let the registrar wait to ‘the last minute’ do a document review. I often see this done. The client gets the review back at or just prior to the pre-assessment. Folks, this does not allow you any time to deal with any problems if any are encountered during the review. Try to get your review done 6 weeks or more prior to pre-assessment.

Pre-Assessment Audit
Some registrars require a pre-assessment. Some do not.
A pre-assessment is a valuable tool. Your relationship with your registrar is going to be an intimate one. Interpretation of the requirements with respect to your company and ‘the intent’ is a big factor in a registration. During this visit you will ‘get to know’ your registrar.
The man-days for the pre-assessment are typically about 1/3 or less than for the registration audit.
The pre-assessment is, like the registration audit, a sample. Everything will not be looked at.

Assessment Audit
This is the fun audit! This is where everyone is fair game. Not much else I can say.
This is, like all audits, a sample. But it is a big sample. They look at a representative sample of each system.
The following slides tell you what to expect.

Reasons For Third Party Audits
Everyone is familiar with the idea of audits. One place we are all aware of audits is in the banking industry. For years, the government has required banks to submit to periodic audits by government agencies and/or external companies who specialize in auditing. Few people want to put their money in a bank where there are no controls such as periodic audits. If there are no audits, you have no way of knowing if your bank is using your money well. If the bank is not ‘using your money well’ the bank could easily fail - then you could lose all of your money.
Audits in other service industries and in manufacturing industries are not new. Customer audits have been going on for years. But only recently has the idea of third party audits become reality. This is in large part due to the adoption in Europe of ISO 9001 and other international standards.

Reasons For Third Party Audits 2
The intent of third party audits is to provide assurance that a company complies with a standard or specification.
Many people say that third party audits will eliminate customer audits. This has not been the case up to now in part because customers still see the need to ensure compliance to their specific requirements. Even QS-9000, specific to Ford, GM and Chrysler suppliers, does not eliminate customer audits.

What is an Auditor?
An auditor is a person. Their job is to validate documentation. This means they look at documentation (instructions) and make sure people are following the documentation.
Auditors go from company to company validating documentation.
Auditors are just people who ask questions about how you do your job.

Auditors Are Not!!!
Inquisitors
Fault Finders
Rock Throwers
Avenging Angels (Biased For or Against)
Dishonest
Overactive

What Will The Auditors Do?
The auditors will look at written procedures and policies (verification).
The auditors will then look at and ask how people in the company do things. They will look to make sure each person is following written procedures and policies (systems / process validation).
They will look at records to ensure everyone is properly completing paperwork (examples would be process related documentation and SPC charts).
They will look to make sure everyone is properly trained to do their job.

Who Will Be Audited?
Absolutely Everyone whose job affects quality (almost everyone’s job does in some way) is subject to the audit.
And the farther up the corporate tree you go, the more difficult the audit is. This is because as you go up the tree (eventually to the CEO), job duties and responsibilities increase.
Corporate Personnel
Plant Manager
Departmental managers
Supervisors
Engineers
Technical personnel
Associates

The Audit Team
When you are visited by an auditor, he/she will NOT be alone. At the very minimum, there will be:
The Auditor
A Company Escort - This will be someone from within the company who knows the area and the specification well. The escort will try to provide structure to the audit and will try to help out when he/she can. Often this will be the management representative.
The Area Supervisor and/or Manager - The area supervisor or other person directly responsible for the area will be present.
Remember - YOU ARE NOT ALONE!

Types of Audits
Internal Audit
An audit of internal systems and/or procedures. An internal audit is most often performed by people how directly work for the company. Many companies hire outside firms (see third party below) to perform the audits.
External Audit
Second Party - Customer Audits
Customer audits are those where a customer (or a customer representative) performs the audit. A customer audit is not ‘objective’ because the customer is intimately involved with your company (the supplier to the customer). This involvement can BIAS the audit.
‘Third Party’ Audits
Third party audits are like those you think of when you think of bank audits. Banks (and other financial institutions) must hire a company or person to audit their books and procedures. The company or person hired to do the audit cannot have an ‘interest’ in the business it is auditing. This is known as an ‘Independent Audit’. Your registrar audit is a third party audit.

What Will Happen If...
If an auditor finds a problem, s/he will let the person being audited know immediately that a possible problem may exist. In NO case will the auditor ‘find a problem’ and not discuss it with the auditee ‘on the spot’. They always tell the auditee the suspected problem. Many registrars (registrars do *NOT ALWAYS* require this) will ask the auditee (or other company official present) to sign a statement of fact of what was found (statement of objective evidence). The auditee should know that signing the statement is NOT an admission of a problem. It is an agreement of facts found. Whether or not it is a problem is discussed during end-of-day and final review meetings.
If an auditor leaves your area and says nothing about a possible problem, you can be sure no problem(s) were found. Auditors do NOT report findings to management without discussing it with the personnel involved FIRST. There are no tricks. Nothing is ‘hidden’ until later.

Things to Know
Know what documentation affects YOU!
You must know what documentation applies to your job. This should have been told to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
Know what training you have had. If you do not know, ASK YOUR MANAGER NOW! Don’t wait until the audit!

Things to Do
Listen closely before answering any question(s). If you are not sure you understand the question, ask the auditor to repeat it. If you still do not understand the question, tell the auditor you do not understand it. The auditor will try to better explain him/herself. Never answer a question you do not understand!
Never say “Sometimes I....”. When you do something differently because of different circumstances, explain that “When ------ happens, I...., and when +++++ happens, I ....”. Be specific.
Always tell the Truth. Don’t ever try to hide something. You may think you are helping someone - you are not. One lie can destroy confidence. Just like in a marriage, if one spouse lies to the other and the other finds out, the relationship may be in real danger. One lie could ruin the entire audit.
Be patient. Wait for the auditor to ask a question.

Things NOT to Do
If you do not know the answer to a question, tell the auditor that you do not know the answer. Don’t attempt to ‘fake it’. If the auditor tries to explain again and you still do not understand the question, tell him/her again that you do not understand the question. The Escort will attempt to help if this happens.
Do NOT try to answer a question for another person. (often registrars will *test* people for this) If the question is not about the job you are doing and you know who does that job, tell the auditor who they should ask if you know.
Do NOT try to answer a question about another job. The only question an auditor is supposed to ask is about YOUR job. If the auditor asks you a question about someone else’s job, you should answer “That is not my job.” The escort or the other company person with the auditor must take the lead from this point.
Do NOT try to hide from the auditor. All the auditor wants is to ask you about your job and how to do it. You know your job. You can tell the auditor about as easily as you can tell anyone else.

General Things To Know and Do
Auditors are NOT trying to test your memory. If you have to look something up in your documentation, tell the auditor. The auditor will then tell you whether to look up the information or not.
Only answer the auditor’s question. Do NOT volunteer information. Do NOT try to ‘help’ the auditor with additional information.
Answer with the shortest, simplest answer you can think of. If you can answer with a Yes or No, that’s all you should do.
Don’t try to explain things beyond the question asked. The auditor will ask questions to help him/her understand. Your job is to only answer questions asked.
Do not tell stories or speculate what ‘may’ happen.
Right NOW!!! If there is any documentation which you are using that you think or know is not correct, contact your supervisor immediately!

Typical Audit Questions to Expect
What is QS-9000 / ISO 9001?
What is the quality policy?
What does the quality policy mean to you?
What documentation do you follow? Where is it?
How do you know you are using the most recent documentation?
Who is the Management Representative?
How do you know what to do? Tell me about your job and your duties.
Do you ever have problems come up? How do you handle them?
When you find nonconforming product, what do you do?
What are your quality responsibilities?
What are controlled documents?
If your documentation says you should do something a specific way and someone else tells you to do it differently, what do you do?
What do you do if your machine jams?
If you do not know the answer to any of these questions, talk to your supervisor SOON! DO NOT WAIT!

Supervisors Should Think About...
Work Instructions
Does Every Job Have Relevant Work Instructions?
Are Work Instructions Controlled?
Is Each Signed & Dated?
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
Equipment PMs
Are All Equipment PMs Up To Date and to a Schedule?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Is DMR Material Dispositioned in a Timely Manner?

Last Things to Think About
Employee Training
Do You Know the Training Requirements Of Your Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
Work Areas
Are Work Areas Clean and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?

QS-9000 / ISO 9001 Reminders
Does NOT define quality
Is NOT a one-time process
Is NOT easy
Requires commitment
Requires resources

Real Life
What QS-9000 / ISO 9001 Means To You!
You MUST:
Know Your Job Duties
Know What Training Your Job Requires
Be Able To Tell About How You Were Trained
Know What Documentation Involves YOU!
Know How To Find Out What The ‘Latest’ Version’ Is
Know What The Documentation Says
Know How The Documentation Applies To YOU!
Know What The INTENT of the Documentation

Good Luck!