Thoughts on managing ISO 9001, 13485, IATF 16949 and 17025

[SGquality]

Hello members,

Need your thoughts on this complex situation -

currently, the company has four different divisions managing ISO 13485, ISO 9001, IATF 16949, and ISO/IEC 17025 certificates and quality management system. Now this company is planning to have a "centralized quality systems" to manage these four QMS.

I would like to know how would you approach this situation?

Thank you in advance

 

[Johnny Quality]

What's a "centralized quality system"? Does your company have a definition of what one is or what you would like it to be? And how does that compare to where you are now?

 

[Ninja]

Not a huge deal...just a lot of review and tweaking...assuming they want ONE QMS to comply with all four.
Totally easy if they want one storage system for the four separate QMS's.

Assuming they want to merge into one system:
Each and every process/document/etc. needs to be reviewed "four times"...not really four times, but "Are we handling ISO9001 requirements? ...Are we handling IATF requirements?...etc"

Being detailly like I am, I would likely review (or have reviewed) literally four times with different mindsets day by day...but that's me.

If they just want central storage, but four different QMS's...it's simply record tagging as you load the systems into the central database...and careful access privilege management based on those tags.

Don't get me wrong...it's a LOT of work moving things like that around, and moreso if you try to have each process comply with all four systems.
But I have yet to see a case where one system requires a thing, and another prohibits it... you may just find yourself doing a lot of needless work, such as applying stricter IATF requirements to a part going to mass market (non-auto) that does not require them.

 

[SGquality]

Great points Ninja.

@ Johnny Quality, its just a thought for the moment and needs crystallization.

Probably we might go with four different sets of QMS documents for each of the standards, but I am leaning towards having a tiered approach where certain elements like Management Review, CAPA, nonconforming materials, to name a few, might be common across all standards while specific ones like DMR, DHR will be for ISO 13485; APQP, PPAP for IATF, and so on. Thus, if the Tier 1 is the Quality manual, Tier 2 would be the QMS common elements, Tier 3 industry-specific elements, Tier 4 work instructions, and Tier 5 will be Forms. A lot of this is still on the drawing board but was very keen on getting thoughts from esteemed members here.

The "centralized quality system group" will be responsible for establishing the documentation required for establishing the requirements, while the execution will rest with the different business entities.

Currently I am just supporting the ISO 13485 but the company wants me to lead this effort.

 

[Johnny Quality]

Sounds like you need a chat with whoever is day to day responsible for the other standards and see what they think and what's possible.

 

[Ninja]

Gonna change your wording, since how you wrote it will lead to future headaches... it is a distinct and significant alteration in thought and approach.
May work in your company, may not...I hope it does.

The "centralized quality system group" will be responsible for reviewing and giving feedback/required changes to the documentation written by the process owners required for establishing the requirements, while the execution will rest with the different business entities.

Some central group who doesn't make stuff...writing the documents around how stuff is made... that's why folks hate "the quality department idiots who keep telling me to do things that make no sense in the real world".
Don't do that...have the process owners lay out the process...the "Central Committee" just needs to make sure that the final product satisfies the standards. And yes, you will be viewed as "The Central Committee" and all it implies.

 

[SGquality]

Great points

 

[Big Jim]

I wrote an manual a few years ago for a company that maintained ISO 9001:2015, AS9100D, and ISO 13484:2015. They wanted one manual, one system, auditors be damned. Their words, not mine. First I wrote a manual for ISO 9001:2015 & AS9100D. Not that difficult as they use the same numbering system. Then I added in the 13485 requirements after determining where they fit in to ISO 9001 since 13485 stayed behind and is numbered like ISO 9001:2008. Notes in parenthesis showed which standard was being addressed. Also a cross reference was created for the 13485 auditor so he could find his way around.

16945 also uses the same numbering system as ISO 9001:2015 so it too could be mixed in, however it has a lot more enhancements, but it is doable.

17025 is a completely different animal. It is too different to mix into the others. I think you will still need at least two manuals.

 

[John Broomfield]

Just describe how your organization works as a system to fulfill requirements to the extent necessary for effective planning, operation and control.

Do this to make life easier for the users not the auditors.

Then add a matrix (as an appendix) for each standard that relates the relevant part of the system to each clause in the standard.

Job done.

 

[SGquality]

Thank you Big Jim and John