Identifying KPI for AS9100 8.1.4 - Prevention of Counterfeit Parts - PCB assembly contract manufacturer

[OzzyAS]

Please show me the shall for that.

Hi Jim,
#1 Standard Clause 4.4.1 c requires KPIs and 4.4.1. d requires to determine resources for processes. If that standard requirement is for a specific purpose, it usually states under the notes for the clarification. i.e 8.1.1 Note 1: the scope of this clause (8.1.1) is limited to the risks associated to the operational processes needed for the provision of products and services (clause 8). In this note, it is for the Clause 8. We don't see this note for 4.4.1. requirement.
in the 4.4.1, The organization shall determine the processes needed for the quality management system. Resources needed for these processes. It is not OK not to provide the resources needed for management, risk analysis, monitoring, measuring equipment, internal audit personnel, management review, and corrective action etc? These clauses need to be covered under the process(es). We called those support processes, right?

#2 Form 2 Matrix. Form 2 includes all the processes names. The processes in Form 2 that for Clause 4, 5, 6, 7, 9, 10. need to comply with 4.4.1. The auditor cannot consult on how many processes the organization should have. Neither The auditor shouldn't make up process names during the filling out the Form 2 if the organization has not determined the processes names for those clauses yet. An OFI or NCR can be issued. The choice of OFI / NCR can be different between CBs. One CB requires their auditor to write NCR, while another CB may require OFI.

What could be the justification of not providing resources for the process that includes management, risk analysis, monitoring, measuring equipment, internal audit personnel, management review, corrective action activities?

#3 Form 3 PEAR. You may say that Form 3 only is for clause 8. That is true. Those Processes are operational processes and so called core. but this is not the justification of not complying the requirements of 4, 5, 6, 7, 9, 10.

 

[Big Jim]

Hi Jim,
#1 Standard Clause 4.4.1 c requires KPIs and 4.4.1. d requires to determine resources for processes. If that standard requirement is for a specific purpose, it usually states under the notes for the clarification. i.e 8.1.1 Note 1: the scope of this clause (8.1.1) is limited to the risks associated to the operational processes needed for the provision of products and services (clause 8). In this note, it is for the Clause 8. We don't see this note for 4.4.1. requirement.
in the 4.4.1, The organization shall determine the processes needed for the quality management system. Resources needed for these processes. It is not OK not to provide the resources needed for management, risk analysis, monitoring, measuring equipment, internal audit personnel, management review, and corrective action etc? These clauses need to be covered under the process(es). We called those support processes, right?

#2 Form 2 Matrix. Form 2 includes all the processes names. The processes in Form 2 that for Clause 4, 5, 6, 7, 9, 10. need to comply with 4.4.1. The auditor cannot consult on how many processes the organization should have. Neither The auditor shouldn't make up process names during the filling out the Form 2 if the organization has not determined the processes names for those clauses yet. An OFI or NCR can be issued. The choice of OFI / NCR can be different between CBs. One CB requires their auditor to write NCR, while another CB may require OFI.

What could be the justification of not providing resources for the process that includes management, risk analysis, monitoring, measuring equipment, internal audit personnel, management review, corrective action activities?

#3 Form 3 PEAR. You may say that Form 3 only is for clause 8. That is true. Those Processes are operational processes and so called core. but this is not the justification of not complying the requirements of 4, 5, 6, 7, 9, 10.

You seem to be conflating requirements from AS9100 and AS9101. For that matter, conflating AS9100 4.4 and 8.

To start with 4.4.1c doesn't mention KPI. It comes close with related performance indicators though. In trying to pull in the note from 8.1.1 you have completely missed the reason for notes. Notes in the standard are NOT REQUIREMENTS and they cannot be audited to. They provide insight and illumination and you really cannot create a parallel from one section to another by what the NOTES DO NOT SAY.

As you pointed out, it is up to the organization to determine what their processes are. It is also up to the organization to determine how to monitor and measure them. At the most AS9101 provides some examples of what to look for and DOES NOT ADD TO THE REQUIREMENTS of AS9100.

In my earliest training we we taught that the tools used to audit were the servant and not the master. They were provided to help the auditor but not to dictate exactly how the audit would go. In the earliest days that tool was the checklist but in my opinion this concept continues to apply to today's auditing tools as well.

AS9101 Form 2 needs to be seen in the light of the paragraph above as well as in light of what you said about the auditor auditing to the auditee's processes, no more and no less.

Much of this discussion likely forms around the fact the ISO never made an adequate definition of what a process is. A narrow reading may indicate that it only involves manufacturing processes such as how to assemble, how to fabricate, how to weld, how to solder, how to plate, and so on. It is only when you realize that they also mean the business processes that 4.4 makes any sense. Until ISO does a better job of defining what a process is there will be continued confusion.

Some registrars have provided training on developing an interaction of processes where this concept is provided.

What I objected to was the need for a specific KPI for handling counterfeit items. Boiling down processes to each element of the standard is way beyond imagination. They will need a KPI for whatever process or processes the organization has determined that counterfeit is handled within.

I can just imagine an auditor discovering that the auditee has misunderstood what a process is and has listed 30 or so. That would be 30 or so PEARs would need to be created and evaluated.

Funny thing. Before the PEAR was used, AS9100 auditors seemed to like complex interaction of processes with lots of process names mentioned. Since the advent of the PEAR they really like simpler interaction of processes with as few processes as possible.

I don't think you succeeded in showing me the shall. It must come clearly from AS9100D alone. Guidance material permitted if you can find it, but not from conflating nonpertinent parts into it.

 

[Sidney Vianna]

Funny thing. Before the PEAR was used, AS9100 auditors seemed to like complex interaction of processes with lots of process names mentioned. Since the advent of the PEAR they really like simpler interaction of processes with as few processes as possible.

I heard cases of CB auditors (AEA's) not only disregarding the actual processes the organization had and totally artificially and unilaterally reducing the number of "processes" that an organization had to 2 or 3 so they would not have to create more PEAR's.
Talk about the tail wagging the dog....

As for confusion about processes, it is painful to see that, 2 decades after the "introduction" of the "process approach" via ISO 9001:2000, so many people struggle with that. Mind boggling people don't understand the concept to this date. For the 1,117th time, let me offer the following:

The QMS processes are nothing more, nothing less than the BUSINESS PROCESSES that can affect product conformity and/or customer satisfaction.

Now, if an organization (or individual) cannot identify their business processes, the problems are much bigger.

 

[OzzyAS]

To start with 4.4.1c doesn't mention KPI. It comes close with related performance indicators though.

I like your comments with some disagreement as especially with the where performance indicator requirement coming from issue.
Process Performance indicator requirements coming from 4.4.1. C Please refer to 4.4.1.c AS9100D and IAQG 9100:KPI Clarifications Clarification table attached.

 

[Big Jim]

I like your comments with some disagreement as especially with the where performance indicator requirement coming from issue.
Process Performance indicator requirements coming from 4.4.1. C Please refer to 4.4.1.c AS9100D and IAQG 9100:KPI Clarifications Clarification table attached.

I fail to see the conflict. I'm not suggesting that an on-time delivery metric be the only KPI and that it be applied to all.

 

[Big Jim]

I heard cases of CB auditors (AEA's) not only disregarding the actual processes the organization had and totally artificially and unilaterally reducing the number of "processes" that an organization had to 2 or 3 so they would not have to create more PEAR's.
Talk about the tail wagging the dog....

As for confusion about processes, it is painful to see that, 2 decades after the "introduction" of the "process approach" via ISO 9001:2000, so many people struggle with that. Mind boggling people don't understand the concept to this date. For the 1,117th time, let me offer the following:

The QMS processes are nothing more, nothing less than the BUSINESS PROCESSES that can affect product conformity and/or customer satisfaction.

Now, if an organization (or individual) cannot identify their business processes, the problems are much bigger.

Now if only TC-176 made it that clear.

 

[Kirby]

I work for a PCB assembly contract manufacturer. We are having to create new KPIs for the quality department and are having trouble coming up with meaningful KPIs for the AS9100 sections that are the primary responsibility of the quality department.

Does anyone have an idea for a KPI for 8.1.4, Prevention of Counterfeit Parts?

The only KPI can come up with is the percentage of people trained out of the number of people who need to be trained, which is a poor indicator because it will be 100% all the time.

We try to avoid buying from high risk sources unless dictated by the customer. The number of special inspections depends on the number of orders from customers who require us to use high risk sources.

I'm curious, are you trying to develop KPIs for each procedure / SOP / documented information rather than for the key processes that your company has identified. The standard prescribes that we track certain processes but I'm not sure that we are expected to establish / track metrics for EVERY procedure (or whatever you call the Tier 3 documents). I'm thinking that a process may be the result of the input of multiple documented information items (procedures). Therefore your Counterfeit Prevention activity may be a part of a key process such as "Purchasing / Supplier Management" or maybe "Production Management" . You may choose metrics to track for that key process that do not necessarily include counterfeit control directly but some other part of the process.

In our system we have identified 5 key processes, one of which is "Purchasing / Supplier Management" (8.4 in the standard). Our metrics for this process include SCARs issued vs. POs issued and our objective is 98% of issued POs do not result in a SCAR. This is just one aspect of the Purchasing process but it's one that we've chosen as being important to us.

You can determine that you may not have a relevant metric for Counterfeit Control other that the # trained vs. needs trained, and if you feel that this is not relevant or appropriate (The output of this part of the process offers no insight / indicator to measurable performance and therefore there is no value in the exercise of KPI development for this procedure / part of the process) , find a better performance indicator in the process.

I'm really anxious to see what the real experts here on the Cove have to say, I'm just in there wingin' it and continuing to look at other folk's approaches to this whole AS thing as I try to develop / maintain / improve a system that brings value and recognizes reality. .