ISO 9001 Clause advice Needed

Jared

Starting to get Involved
Hello All,

I have just completed an internal audit where I was shown an incident report which documents details around a broken SLA. Included in this was description of incident, root cause, impact to client and what future prevention measures have since been implemented.

My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented? Is there a more suitable clause I should use instead?

Thanks
Jared
 
Last edited by a moderator:

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Hello All,

I have just completed an internal audit where I was shown an incident report which documents details around a broken SLA. Included in this was description of incident, root cause, impact to client and what future prevention measures have since been implemented.

My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented? Is there a more suitable clause I should use instead?

Thanks
Jared

Good day @Jared ;
By SLA you mean "service level agreement" ?......

Keep in mind that 10.3 describes continual improvement. I assume the "SLA" was prescribed to be a certain way, and it was not so. Simply "fixing" it (i.e. corrective action/root cause analysis) is getting it to how it was intended in the first place. That is not continual improvement.

Continual improvement (e..g) may be something like....the OTD was running at 98% of (better than the original goal 95%). A team gets involved to see if the goal (and results) can be pushed to 99%. For example.

Hope this helps.
Be well.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Hi Jared,

What is an SLA?

What is an incident report used for - some kind of violation? If it is, it is a nonconformity and would be addressed as a Corrective Action. ISO/TS 9002:2016 describes its activities as, in part:
... several methodologies and tools that the organization can consider to conduct continual improvement activities (kaizen). Examples can include, but are not limited to: Six Sigma methodologies; “lean” initiatives; benchmarking and the use of self-assessment models.
in order to
...enhance the organization’s performance and benefit its customers and relevant interested parties.
...using results from analysis and evaluation and management review to determine if continual improvement actions are needed.
 

AuditFan

Retired
My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented? Is there a more suitable clause I should use instead?
Can I ask what value you and other derive in assigning a clause number to this internal audit finding? What are you expecting to gain from this?
 

Sidney Vianna

Post Responsibly
Leader
Admin
My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented?
Absolutely not. What you are referring to as preventive action, is, indeed corrective action since there was an incident in service delivery. Bringing the service to the level was agreed upon is OBVIOUSLY NOT an instance of continuous improvement, just like fixing a flat tire in your car is not continuous improvement either.
 

Big Jim

Admin
Hello All,

I have just completed an internal audit where I was shown an incident report which documents details around a broken SLA. Included in this was description of incident, root cause, impact to client and what future prevention measures have since been implemented.

My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented? Is there a more suitable clause I should use instead?

Thanks
Jared

I think you have your terms mixed up. Preventive action is no longer a term used in the 2015 version of the standard. What you do to prevent something from happening again is part of the corrective action as noted by Sidney.

At most it could be used as evidence as an example of 10.2 Corrective Action is doing well.

Preventive Action was a term used in past versions of the standard. For the 2015 version it was replaced with risk. The need for the change is that preventive action did not live up to its mission as it was misunderstood, and the writers of the standard took responsibility for it. Since corrective action and preventive action were together at the back of the standard and written in nearly parallel language it was easy to tangle them. To resolve it, preventive action was given a new name (risk and opportunity) and move closer to the front of the standard.

It may help to think of corrective action as incident control. That is what you do after something happens to control and contain it. Preventive action was intended to handle what you do to keep a potential problem from happening, which, pure and simple, is risk.

How to attain continual improvement is actually contained in the standard. It is the results of analysis and evaluation and the outputs from management review.

It sounds like you may be using an element based checklist for your internal audit. Although it is not prohibited, it is discouraged with the preference of auditing using the process approach. That is determining how the company is structured and then auditing the elements of the structure instead of the elements of the standard. Perhaps you are doing a process based audit and referring the the elements that apply to it, which is fine.
 
Top Bottom