Documented actions and changes in the QMS by COVID 19

qualprod

qualprod

Trusted Information Resource
Hello everyone

I come with this topic to you regarding what has changed into your QMS regarding to Risks, corrective actions, goals and objectives which were not met mainly because of Covid 19.

We all know that because of this pandemia, a lot of actions to survive, have been carried out and have not been documented, because I think that is more important the effort to maintain the business that to comply to a QMS system. Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
This issue, it shouldn´t be seen different to other existing risks that any business may face (bankruptcy, social problems, country problems, earthquake, etc.) that for that we should have in place business continuity plan (BCP) and the like. However, for some business a BCP is a must, while for others maybe is not necessary (my case, 60 people, low risk manufacturing company). At this time, and maybe at the end of July, in your opinions, what do we have to have documented into the QMS for two purposes, the benefits and continuity of the business and what for the next surveillance audits (the mine , in October 2020)?

While addressing this issue:
Practicing a corrective action, (from the standard)
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not
recur or occur elsewhere, by:
When doing a Corrective action and root cause was because of Covid effects, what actions can we implement and "be believeable and effective"
in order to ensure the non-recurring? if we are in front of the "unknown".
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?

And here another interesting question arises... What drives my business? my QMS or my urgent needs/feelings?

Please share your thoughts.

Thanks
 
Last edited by a moderator:
Highly Rated Gage Tracking - Learn More
Elsmar Forum Sponsor
qualprod said:
Hello everyone

I come with this topic to you regarding what has changed into your QMS regarding to Risks, corrective actions, goals and objectives which were not met mainly because of Covid 19.

We all know that because of this pandemia, a lot of actions to survive, have been carried out and have not been documented, because I think that is more important the effort to maintain the business that to comply to a QMS system. Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
This issue, it shouldn´t be seen different to other existing risks that any business may face (bankruptcy, social problems, country problems, earthquake, etc.) that for that we should have in place business continuity plan (BCP) and the like. However, for some business a BCP is a must, while for others maybe is not necessary (my case, 60 people, low risk manufacturing company). At this time, and maybe at the end of July, in your opinions, what do we have to have documented into the QMS for two purposes, the benefits and continuity of the business and what for the next surveillance audits (the mine , in October 2020)?

While addressing this issue:
Practicing a corrective action, (from the standard)
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not
recur or occur elsewhere, by:
When doing a Corrective action and root cause was because of Covid effects, what actions can we implement and "be believeable and effective"
in order to ensure the non-recurring? if we are in front of the "unknown".
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?

And here another interesting question arises... What drives my business? my QMS or my urgent needs/feelings?

Please share your thoughts.

Thanks
Click to expand...

This falls into the 100 year flood. it is not product related and the QMS still works - not to your liking but it still woks
 
qualprod said:
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?
Click to expand...

I agree with Pjservan that COVID-19 does not require a CA unless a significant complaint, product or QMS issue has occurred.

qualprod said:
Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
Click to expand...

Handling COVID-19 through your risk management system makes the most sense to me. OTD is only one small component of COVID-19 risk. You've already mentioned a number of actions you have taken to mitigate risks from COVID-19. I don't see why you wouldn't just document those actions as part of your COVID-19 risk activity. it doesn't have to be very detailed, but I would definitely include it. If its helpful, you could even imagine using the ISO table of contents to do something like this to guide documenting your COVID-19 risk activity:
  • Leadership
    • Management has reviewed the Essential Services definition and determined that our company is Essential, and therefore will continue to operate during this pandemic.
    • Management is ongoingly monitoring local, state and federal regulation and advisory changes.
  • Planning/Risk
    • This risk action #1234 was created to manage and document the activities performed to monitor and mitigate the risks from COVID-19.
  • Infrastructure
    • Resources
      • Personnel
        • For their safety, personnel have been instructed to work from home, where possible.
        • Guidelines were set up to instruct personnel what to do in case they felt ill.
        • Guidelines were set up to instruct personnel to inform the company immediately if they tested COVID-19 positive.
      • Infrastructure
        • Remote VPN connectivity was implemented and provided to those employees working from home.
          • VPN choice was reviewed for security and productivity considerations.
          • Company internet bandwith determined to be adequate as-is for work-from-home.
        • Remote phone connectivity also provided to those employees working from home.
      • Environment
        • CDC approved cleaning chemicals and hand sanitizer obtained.
          • SDS records added for these chemicals.
        • Cleaning schedule set up and implemented, with attention to common areas and bathrooms.
    • Competence
    • Awareness
      • Mask & social distance rules implemented, with posters placed at key points in building.
        • Training record on file
  • Operation
    • Customer Communication
      • Emails were sent to all customers informing them of our essential status, and that we are taking steps to monitor our supply chain and protect our employees to prevent a business stoppage.
    • Supply Chain
      • Vendors were asked to inform us immediately of any awareness of a potential/known supply interruption, etc.
    • Production
      • Stations were configured to be 6ft apart.
      • Hand sanitizer stations placed near common equipment.
    • etc.
  • Performance
    • Remote audit risk, per 19011:2018 A.16, evaluated for upcoming audits.
      • Webinar software XYZ chosen, as a market leader with no publicly known software vulnerabilities.
      • Company internet bandwith determined to be adequate for remote audits.
      • USB camera & headset purchased for audit team.
      • Cellphone camera determined to be adequate for virtual walkaround of facilities, as needed.
      • etc.
  • Improvement
    • Continual Improvement action added to create BCP.

I do think that remote audit risk can be overlooked but should be done, which is why I placed it in red.
 
FWIW, we put some notes about the pandemic and our response into management meeting notes section for 'changes that may effect the QMS."


Something to the effect of: "Top management is monitoring the situation and reacting as required. Masks are required. We checked with our customers and local codes and established we are 'essential.' We printed letters for employees to carry in the car for on the way to and way back from work."
 
Kronos147 said:
FWIW, we put some notes about the pandemic and our response into management meeting notes section for 'changes that may effect the QMS."


Something to the effect of: "Top management is monitoring the situation and reacting as required. Masks are required. We checked with our customers and local codes and established we are 'essential.' We printed letters for employees to carry in the car for on the way to and way back from work."
Click to expand...

Good pro-active move because as part of my CB MS audits I have to provide response and action language.
 
Just saw this blog article from NQA:

COVID-19: WHAT EVIDENCE OF PLANNING WILL MY AUDITOR EXPECT?
Lets look at what evidence of planning around COVID-19 a ISO 9001:2015 auditor would expect to see?

Edit: Also, this one:

INTERNAL AUDITING DURING COVID-19
 
Last edited:
Thanks, the NQA blog suggests the internal auditor should help determine the Covid-19 precautions needed.

I was surprised by this recommendation.

Better to leave internal auditor impartial and objective than to compromise them.

So, top management determines the precautions as a result of engaging their risk assessment team.

The auditor then further verifies the effectiveness of the updated system and its new and changed processes.

This also helps explain why no registrar should make recommendations except regarding certification.
 
John Broomfield said:
Thanks, the NQA blog suggests the internal auditor should help determine the Covid-19 precautions needed.

I was surprised by this recommendation.
Click to expand...

Hmm, I didn't get that sense at all from the article. Nowhere does it state or imply to my mind that the internal auditor should help determine the needed precautions.
 
Tagin said:
Hmm, I didn't get that sense at all from the article. Nowhere does it state or imply to my mind that the internal auditor should help determine the needed precautions.
Click to expand...

This to me was saying the auditor determined the needed precautions:

“Internal audits – A good way of... analysing what areas will require change.“

...being as Covid-19 changes are determined by risk assessment not by auditing.
 
You must log in or register to reply here.

Similar threads

M
ISO to AS9100 nightmare
Replies
4
Views
583
mattador78
M
D
Importance of cybersecurity compliance
Replies
1
Views
62
AllTheThings
AllTheThings
A
Memorandum as Corrective Action
Replies
4
Views
720
Bev D
Bev D
D
Internal Audit Plan and Audit Checklist per AS9100
2
Replies
12
Views
2K
Jtavo
J
Crimpshrine13
Corrective Action Dilemma with Parent Company
2
Replies
13
Views
2K
gakiss2
G
Back
Top Bottom