Documented actions and changes in the QMS by COVID 19

qualprod

Trusted Information Resource
#1
Hello everyone

I come with this topic to you regarding what has changed into your QMS regarding to Risks, corrective actions, goals and objectives which were not met mainly because of Covid 19.

We all know that because of this pandemia, a lot of actions to survive, have been carried out and have not been documented, because I think that is more important the effort to maintain the business that to comply to a QMS system. Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
This issue, it shouldn´t be seen different to other existing risks that any business may face (bankruptcy, social problems, country problems, earthquake, etc.) that for that we should have in place business continuity plan (BCP) and the like. However, for some business a BCP is a must, while for others maybe is not necessary (my case, 60 people, low risk manufacturing company). At this time, and maybe at the end of July, in your opinions, what do we have to have documented into the QMS for two purposes, the benefits and continuity of the business and what for the next surveillance audits (the mine , in October 2020)?

While addressing this issue:
Practicing a corrective action, (from the standard)
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not
recur or occur elsewhere, by:
When doing a Corrective action and root cause was because of Covid effects, what actions can we implement and "be believeable and effective"
in order to ensure the non-recurring? if we are in front of the "unknown".
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?

And here another interesting question arises... What drives my business? my QMS or my urgent needs/feelings?

Please share your thoughts.

Thanks
 
Last edited by a moderator:
Elsmar Forum Sponsor

Pjservan

Involved In Discussions
#2
I will not put this in a Corrective Action format unless something that affected product quality or a serious customer complain has come into focus due to COVID-19. Otherwise COVID-19 can be introduce to the QMS as an external issue (Context of the Organization). Pending how you are organized and what type of industry and cusotmers you support, then you can identify pertinent risks/opportunities. Another area where you can show a proactive approach will be any process changes that you are making in order to get the business back up might require a review for risk taking into account not only employee safety but product quality. Just my 2 cents...
 

dsanabria

Quite Involved in Discussions
#4
Hello everyone

I come with this topic to you regarding what has changed into your QMS regarding to Risks, corrective actions, goals and objectives which were not met mainly because of Covid 19.

We all know that because of this pandemia, a lot of actions to survive, have been carried out and have not been documented, because I think that is more important the effort to maintain the business that to comply to a QMS system. Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
This issue, it shouldn´t be seen different to other existing risks that any business may face (bankruptcy, social problems, country problems, earthquake, etc.) that for that we should have in place business continuity plan (BCP) and the like. However, for some business a BCP is a must, while for others maybe is not necessary (my case, 60 people, low risk manufacturing company). At this time, and maybe at the end of July, in your opinions, what do we have to have documented into the QMS for two purposes, the benefits and continuity of the business and what for the next surveillance audits (the mine , in October 2020)?

While addressing this issue:
Practicing a corrective action, (from the standard)
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not
recur or occur elsewhere, by:
When doing a Corrective action and root cause was because of Covid effects, what actions can we implement and "be believeable and effective"
in order to ensure the non-recurring? if we are in front of the "unknown".
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?

And here another interesting question arises... What drives my business? my QMS or my urgent needs/feelings?

Please share your thoughts.

Thanks
This falls into the 100 year flood. it is not product related and the QMS still works - not to your liking but it still woks
 

Tagin

Trusted Information Resource
#5
Also for a Risk, I detected as a risk, not complying to OTD, and implemented actions to lower the risk value, after a while the risk is evaluated, if risk lowered, maybe risk is closed, but......

Really, are we concerned to document the risks and CA into the QMS? or to apply non-documented quick actions and efforts to solve the problems we face?
I agree with Pjservan that COVID-19 does not require a CA unless a significant complaint, product or QMS issue has occurred.

Actions, like sending people to work at home because government recommendations, taking care of health of personnel, supplying protection, applying social distancing, communication to personnel, buying raw materials to non evaluated providers, etc., most of these actions were taken in order to comply customers, protect people and the business.

The mentioned actions and others, have not been including into the QMS, even if they have somehow be included.
Handling COVID-19 through your risk management system makes the most sense to me. OTD is only one small component of COVID-19 risk. You've already mentioned a number of actions you have taken to mitigate risks from COVID-19. I don't see why you wouldn't just document those actions as part of your COVID-19 risk activity. it doesn't have to be very detailed, but I would definitely include it. If its helpful, you could even imagine using the ISO table of contents to do something like this to guide documenting your COVID-19 risk activity:
  • Leadership
    • Management has reviewed the Essential Services definition and determined that our company is Essential, and therefore will continue to operate during this pandemic.
    • Management is ongoingly monitoring local, state and federal regulation and advisory changes.
  • Planning/Risk
    • This risk action #1234 was created to manage and document the activities performed to monitor and mitigate the risks from COVID-19.
  • Infrastructure
    • Resources
      • Personnel
        • For their safety, personnel have been instructed to work from home, where possible.
        • Guidelines were set up to instruct personnel what to do in case they felt ill.
        • Guidelines were set up to instruct personnel to inform the company immediately if they tested COVID-19 positive.
      • Infrastructure
        • Remote VPN connectivity was implemented and provided to those employees working from home.
          • VPN choice was reviewed for security and productivity considerations.
          • Company internet bandwith determined to be adequate as-is for work-from-home.
        • Remote phone connectivity also provided to those employees working from home.
      • Environment
        • CDC approved cleaning chemicals and hand sanitizer obtained.
          • SDS records added for these chemicals.
        • Cleaning schedule set up and implemented, with attention to common areas and bathrooms.
    • Competence
    • Awareness
      • Mask & social distance rules implemented, with posters placed at key points in building.
        • Training record on file
  • Operation
    • Customer Communication
      • Emails were sent to all customers informing them of our essential status, and that we are taking steps to monitor our supply chain and protect our employees to prevent a business stoppage.
    • Supply Chain
      • Vendors were asked to inform us immediately of any awareness of a potential/known supply interruption, etc.
    • Production
      • Stations were configured to be 6ft apart.
      • Hand sanitizer stations placed near common equipment.
    • etc.
  • Performance
    • Remote audit risk, per 19011:2018 A.16, evaluated for upcoming audits.
      • Webinar software XYZ chosen, as a market leader with no publicly known software vulnerabilities.
      • Company internet bandwith determined to be adequate for remote audits.
      • USB camera & headset purchased for audit team.
      • Cellphone camera determined to be adequate for virtual walkaround of facilities, as needed.
      • etc.
  • Improvement
    • Continual Improvement action added to create BCP.

I do think that remote audit risk can be overlooked but should be done, which is why I placed it in red.
 

Kronos147

Trusted Information Resource
#6
FWIW, we put some notes about the pandemic and our response into management meeting notes section for 'changes that may effect the QMS."


Something to the effect of: "Top management is monitoring the situation and reacting as required. Masks are required. We checked with our customers and local codes and established we are 'essential.' We printed letters for employees to carry in the car for on the way to and way back from work."
 

Randy

Super Moderator
#7
FWIW, we put some notes about the pandemic and our response into management meeting notes section for 'changes that may effect the QMS."


Something to the effect of: "Top management is monitoring the situation and reacting as required. Masks are required. We checked with our customers and local codes and established we are 'essential.' We printed letters for employees to carry in the car for on the way to and way back from work."
Good pro-active move because as part of my CB MS audits I have to provide response and action language.
 

Tagin

Trusted Information Resource
#8
Just saw this blog article from NQA:

COVID-19: WHAT EVIDENCE OF PLANNING WILL MY AUDITOR EXPECT?
Lets look at what evidence of planning around COVID-19 a ISO 9001:2015 auditor would expect to see?

Edit: Also, this one:

INTERNAL AUDITING DURING COVID-19
 
Last edited:

John Broomfield

Staff member
Super Moderator
#9
Thanks, the NQA blog suggests the internal auditor should help determine the Covid-19 precautions needed.

I was surprised by this recommendation.

Better to leave internal auditor impartial and objective than to compromise them.

So, top management determines the precautions as a result of engaging their risk assessment team.

The auditor then further verifies the effectiveness of the updated system and its new and changed processes.

This also helps explain why no registrar should make recommendations except regarding certification.
 

Tagin

Trusted Information Resource
#10
Thanks, the NQA blog suggests the internal auditor should help determine the Covid-19 precautions needed.

I was surprised by this recommendation.
Hmm, I didn't get that sense at all from the article. Nowhere does it state or imply to my mind that the internal auditor should help determine the needed precautions.
 
Thread starter Similar threads Forum Replies Date
eule del ayre Documented Information - Periodic Review of Documents? IATF 16949:2016 / ISO 9001:2015 IATF 16949 - Automotive Quality Systems Standard 34
T Controlled Forms or documented requirements for records? ISO 13485:2016 - Medical Device Quality Management Systems 2
C Missing routers/documented information Nonconformance and Corrective Action 5
K AS9100D Clause 7.5.2.a) - What is considered to be "documented information"? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
Q AS9120 7.5.3.2 Control of Documented Information - Audit Nonconformance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 20
J ISO 17025 Documented Procedure for 6.2.5 - Determining competency ISO 17025 related Discussions 4
L VDA 1 Documented Information and Retention (new revision 4, August 2018) VDA Standards - Germany's Automotive Standards 0
M Quality System Processes without Documented Procedures Document Control Systems, Procedures, Forms and Templates 39
C Significant Organizational Changes - Documented Responsibilities Document Control Systems, Procedures, Forms and Templates 4
B Documented process for type and extent of control IATF 16949 - Automotive Quality Systems Standard 6
K Documented problem solving and documented error-proofing - IATF 16949 10.2.3 & 10.2.4 Internal Auditing 7
Q Stage 1 audit observations - documented report? General Auditing Discussions 5
H Documented processes required by IATF 16949 section 4.4.1 IATF 16949 - Automotive Quality Systems Standard 1
H New IATF 16949 required Documented Processes IATF 16949 - Automotive Quality Systems Standard 5
P Retained Documented Information for Management Reviews ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
S ISO 13485 Cl. 5.4.2 - Is Documented Quality Planning required? ISO 13485:2016 - Medical Device Quality Management Systems 2
A How to Handle Documented Information in an online database for ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
E IATF 16949 Cl. 7.1.5.1 - Documented information as evidence of fitness for purpose IATF 16949 - Automotive Quality Systems Standard 3
B IATF 16949 Cl. 7.3.2 - Documented Process (Effectiveness & Efficiency) IATF 16949 - Automotive Quality Systems Standard 7
R IATF requirement of Documented QMM incorporation of CSR's into the processes? IATF 16949 - Automotive Quality Systems Standard 2
Q Risk Based Thinking - Is a Documented Procedure required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
S ISO9001:2015 Cl. 4.4.1 - What Processes Do I Need Documented ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
S ISO 9001:2015 - Required Processes and required Documented Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
K Documented Information Turtle Diagram IATF 16949 - Automotive Quality Systems Standard 2
M [Student] Documented Process vs Documented Procedure IATF 16949 - Automotive Quality Systems Standard 5
A Documented Processes as per IATF16949 - Requirements for Turtle Diagrams IATF 16949 - Automotive Quality Systems Standard 3
R How to Control Videos as part of the QMS Documented Procedures and Instructions Document Control Systems, Procedures, Forms and Templates 2
A ISO 9001:2015 Clause 9.3.2 - Management Review Inputs must be Documented? Management Review Meetings and related Processes 15
N Must Bioburden Sampling Procedures be Documented? Other Medical Device Related Standards 5
W Documented Problem-Solving for Automotive IATF 16949 - Automotive Quality Systems Standard 4
Ninja What is the most useless {real} documented procedure you've seen? Coffee Break and Water Cooler Discussions 4
Q "Documented Procedure" Health Canada Canada Medical Device Regulations 8
T Notification of affected parties of Updated Documented Procedures ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
T AS9100C Processes which need to be documented AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
C AS9100 Requirement Definition - Defined vs. Documented AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
J Can the mandatory procedures of ISO 9001-2008 be documented within one procedure? Document Control Systems, Procedures, Forms and Templates 5
J Recycling Procedure (ISO9001) - Do I need a documented process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
C ISO 13485 - Documented Requirements for Risk Management ISO 13485:2016 - Medical Device Quality Management Systems 6
M HACCP vs. ISO 22000 Documented Procedure requirements Food Safety - ISO 22000, HACCP (21 CFR 120) 1
somashekar What are the ISO 13485 documented requirements for Risk Management? ISO 13485:2016 - Medical Device Quality Management Systems 13
somashekar What documented procedure in this case ... ISO 13485:2016 - Medical Device Quality Management Systems 5
P What should be documented for Qualitative Test results for the FDA? US Food and Drug Administration (FDA) 3
L Documented procedures requirements for AS9100C requirement 7.5.1 a) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A Should the FSMS have a Documented Generic Procedure for Verification and Validation Food Safety - ISO 22000, HACCP (21 CFR 120) 2
S Are Records Forms which should be Documented? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Requirement for a Documented Process for the Review and Release of Product For Sale ISO 13485:2016 - Medical Device Quality Management Systems 6
Q Core Process without a Documented Procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
JoCam NADCAP AC7120 Rev A to B Documented Procedures Requirements Changes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
Q Outsourced Process also shall be Documented? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
P What is to be documented to fulfill the requirements of ?820.65 Traceability? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1

Similar threads

Top Bottom