Auditing R&D for ISO9000


Fully vaccinated are you?
From: ISO Standards Discussion [email protected]
Date: Wed, 5 Jan 2000 09:32:53 -0600
Subject: Re: Doc and Aud of the 'R & D' Effort /Guinan/Kozenko

From: [email protected]

> At present, we have little documentation on the objectives, budgets, plans,
> processes, etc. of this 'Research and Development' effort. What will be the
> impact of this on our proposed ISO 9001 compliance registration? What should
> be done about the documentation and internal auditing of this effort?
> Alternatively, is it possible to continue with this effort in this manner?


Read your Articles of Incorporation, which state in very broad terms what your business can do legally and "by plan." They probably say something equivalent to this: "... anything that shows it makes the firm money."

Apply that "learned perspective" to your quality planning right now, and leave the door open to authorized individuals who can make "seat of the pants" decisions on what to do in the day to day grind, to make money for the firm. I'd also recommend stating in your quality planning docs. that your firm will review the quality plans twice a year (pick a number) as the firm grows, so that such plans can be revised to fit the future unknown circumstances with appropriate business acumen.

The education, experience and training of authorized person(s) should demonstrate that they are indeed capable of "steering the ship."

I'd also recommend placing Return on Investment into the individual R & D projects, so that over time you know what works best, what doesn't work at all, and to some degree, what makes it fall somewhere in between. The "acceptance criteria" and the procedure for auditing the R & D efforts should be documented, and changed as often as necessary so that practice and procedure continually match. That way, you'll pass any audit (Certification or Surveillance).

I'd predict that as you nailed down the R & D metrics, everyone in the company would fall in line with expectations, become results oriented, and probably even know when to throw in the towel and ditch a non performing R & D before it drains the firm's coffers, all attributable to the firm-wide "in the boat" perspective you should achieve in your continued implementation of ISO9000 to the business operations.

Sounds to me like you're off to a great start. Good luck.

David Kozenko


Fully vaccinated are you?
From: ISO Standards Discussion [email protected]
Date: Thu, 6 Jan 2000 09:15:29 -0600
Subject: Re: Q: Doc and Aud of the 'R & D' Effort /Guinan/Coffelt

From: Arline Coffelt <[email protected]>


My experience working with a Registrar is that your R& D effort is auditable for documented approved processes....and evidence of internal audits of this area. Assuming that your R& D efforts are managed, financed, and accountable in some manner then start by just documenting what you listed in your message (objectives, budgets, plans, processes, etc.), add documented policy to establish high level 'what has to happen' and 'why it has to happen', and then audit for adequacy (is it documented? is the documentation usable and correct?) and compliance.

Going back to your list (objectives, budgets, plans, processes, etc.) - indicates to me that you do manage the R& D work in some manner. While I'm sure your company strives to provide an 'open sandbox' to ensure that creativity is not inhibited, someone still has to think about how to pay for the time and equipment and other overhead that is part of these efforts...and someone else sooner or later is going to say 'show me'. And, since you probably already have some products that you have sold, then you must have some 'requirements' that will govern the way a product is 'built' and/or 'interfaced to another product' (e.g. design methods, design reviews, design decision-makers, methods/style of software documentation, etc.) - so document the 'who-what-when'.

At what point does your R& D effort become a design effort in your product development life-cycle? What is your criteria for this, what activities occur to establish this (reviews, testing, documentation), who makes the decision, and how does this get transferred from your R&D area (under R&D processes) to your production environment (under your design control and manufacturing processes)?

In other words, simply write policy and process for what you are already doing, just as you do the other areas of your company. (By the way, ISO or not - how long can any company survive where everyone 'plays' in an uncontrolled sandbox?)

I hope this helps. - Arline
Top Bottom