Virtual Office and Multi-Site Registration: Including the FedEx Registration

Marc

Hunkered Down for the Duration
Staff member
Admin
#1
Virtual and Multi-Site Registration

Subject: Re: ISO 9001 Certified Virtual Office /McCaig/Coga/Kohn
Date: Fri, 18 Jun 1999 12:00:59 -0600
From: ISO Standards Discussion

> >From: Holly McCaig
> >Subject:Q: ISO 9001 Certified Virtual Office /McCaig
> >I am the Management Representative for a training company in the
> >mid-west. Recently our certified department went virtual. We are
> >working out of our homes. The communication has proven to be tough,
> >but we are slowly overcoming it. Does anyone have any advice or tips
> >regarding being ISO certified in a virtual environment? I can give
> >more details of my companies function if needed.

----------------------

> From: ken.cogan
> Subject: RE: ISO 9001 Certified Virtual Office /McCaig/Cogan
> Federal Express obtained ISO 9001 certification without having to
> have all of their local offices audited. The registrar was able to conduct
> virtual audits of the field offices from Fed-Ex headquarters in Memphis.
> Please contact me for additional details.

------------------------

From: Brian Charles Kohn
Subject: RE: ISO 9001 Certified Virtual Office /McCaig/Cogan/Kohn

It is well-established that companies which have multiple branch offices that perform substantially the same tasks can be *sampled* rather than individually visited by the registrar. They're not "virtually audited" per se. What I think you're referring to is the review of internal audit records; such review is required as part of the registration and surveillance process. As far as I know, there is no regulations that allow the registrar to personally visit a fewer number of offices than specified by multi-site schemes.

It is important to note that this method cannot be employed (as such) in the conduct of the internal quality audit program.

Regarding virtual offices made up (substantially) of telecommuters; that is a bit different than field offices, as in the FedEx example. In such cases, the "offices" that the registrar should be looking at are the actual places of business, the legal addresses so-to-speak where employees are "based at" or "report into." Generally, where managers are, managers who manage the work of others, that should be what is considered an "office" for these purposes.

Now, regarding how to audit such situations. Clearly the office(s) is audited as per normal arrangements (and if there are multiple such offices, similar enough to employ a multi-site scheme, then that is appropriate as well). Typically, when I was auditing an office with telecommuters, I'd visit just the office, arranging for small sample of telecommuters to come into the office that day, and a larger sample of telecommuters to be available to be audited by telephone.

All records of the business should, of course, be available at the office-- there shouldn't be any records of the business stored solely at a site not considered part of the business. If there are, then that place (even if it is a person's home) should be considered a legitimate "office of the business" and therefore subject to audit in accordance with the registration scheme.

Internal auditing of such arrangements can be accomplished in the same manner, i.e., a small sample of telecommuters to come into the office, and a larger sample of telecommuters to be available to be audited by telephone, again with all records of the business available at the "office" where the audit actually takes place.

I hope this helps.

-Brian Charles Kohn
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
Subject: Re: ISO 9001 Certified Virtual Office /.../Cogan/Kohn/Cogan
Date: Mon, 21 Jun 1999 11:09:41 -0600
From: ISO Standards Discussion

From: ken.cogan
Subject: RE: ISO 9001 Certified Virtual Office /../Cogan/Kohn/Cogan

Brian,

Just as a point of clarification, the Fed-Ex audit approach was an exception to the rule. You are correct in stating that registrars need to follow rules for multi-site sampling. In this unique case, the RAB did approve the unusual approach used by the Registrar. The exception was approved due to the unique design of Fed-Ex's systems. It is unlikely that another organization will duplicate these systems. Therefore, we should not expect to see this unique audit approach used for other organizations.

Indeed it was a virtual audit because hundreds of field offices were audited without the auditor physically being there. My agreement of confidentiality does not allow me to share more with you. Unless you fully understand how the Fed-Ex systems is set up, it is difficult to see that conducting a virtual audit is possible. It remains a controversial certification because of the approach used and the fact that it has not yet been used at another organization.

We are in agreement on the other points you made in your response.

Ken Cogan
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#3
Subject: Re: Q: ISO 9001 Certified Virtual Office /McCaig/Randall
Date: Mon, 21 Jun 1999 11:14:55 -0600
From: ISO Standards Discussion

Subject: Re: Q: ISO 9001 Certified Virtual Office /McCaig/Randall

Some of the other respondents seem to be focused on the "multi-site" sampling audit involving the registrar physically visiting only a few (typically 25%) of the registered sites within a given audit cycle. I thought I would address your question from a different angle.

I recommend:

(1) loading your documented quality system into a secured directory on the Internet (this is actually quite easy).

I also recommend standardizing all users to MS IE5. I know that browsers are like religion and Netscape has a huge following, but the truth is that Microsoft Internet Explorer is much better suited for Intranets. (Netscape Navigator is arguably better surfing for the Internet)

Also, set up an IE "Channel" for you online documentation. This will allow automatic updating (distribution) of revised documents to the user's PC for offline viewing (you can't do that with Netscape). The "Channel" feature can also generate automatic e-mails to subscribers (users) whenever a change is made.

You should also be aware that IE will open Word, Excel and PowerPoint files in that native format (you don't need Adobe Acrobat to distribute forms).

(2) using MetaFrame to access (share) data via the Internet. MS Outlook coupled with Exchange and a decent database backend works OK - but can be slow. I still find Outlook to be a bit buggy. If you live in a MS environment you may want to get Outlook 2000 (it is less buggy). Either way, we're talking about heavy involvement from IT.

One of my projects involved implementing a quality system that spans from Hong Kong to Newark to Paris. We used the approach that I described above and it worked great.

Being "virtual" shouldn't be a problem provided that you have a computer literate auditor (these are actually quite rare - so be sure to request / demand a computer literate auditor for your next surveillance audit).

Richard C. Randall
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
Subject: Re: ISO 9001 Certified Virtual Office /McCaig/Cogan/Naish
Date: Fri, 25 Jun 1999 09:28:16 -0600
From: ISO Standards Discussion

From: PNaish
Subject: Re: ISO 9001 Certified Virtual Office /McCaig/Cogan/Naish

I would be extremely cautious of using the Federal Express example for doing virtual offices. Their cetificate is a joke. I have called twelve of their regional offices to find they have no procedures. They do not know what their quality policy is and they do not do customer requested corrective action because they do not know what it is. In addition a call to the corporate office in Memphis resulted in pretty much the same results except when the customer service person who answered was asked about ISO they said that I would have to talk to their sales person if I wanted to get their on line tracking software. When asked a second time the person said they didn't know what I was talking about. When finally directed to the head of the corporate customer service department the lady indicated she knew they were certified and would get a hold of the person who had implemented it to have him call me and send a copy of their certificate. That never occurred.

I sent a request to their registrar for verification that all offices really had been audited and was sent a nice letter indicating they did all of the offices from Memphis and they included a copy of the page out of Federal Expresses book showing they had been registered.

I have asked for corrective action no less than 5 times from Federal Express and still can not get one from anyone in the company. In addition they fail contract review but not notifying the customer when they fail to make a delivery as scheduled.

I continue to be amazed by the fact they continue to pass their audits but then again if the auditors never get out of Memphis I guess they see only what Federal Express wants them to see.

Not just a great example unless all you want is a piece of paper on the wall and then they are the perfect example.

Phyllis
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#5
Subject: Re: ISO 9001 Certified Virtual Office /../Cogan/Naish/Cogan
Date: Fri, 25 Jun 1999 09:59:54 -0600
From: ISO Standards Discussion

From: ken.cogan
Subject: RE: ISO 9001 Certified Virtual Office /../Cogan/Naish/Cogan

You make some good points Phyllis which underscore some weaknesses of ISO 9001:

- It is a basic quality system, not a world-class one.
- Most ISO 9001 certified companies do make mistakes and receive customer mistakes.
- Corrective action is taken depending on the importance and magnitude of the issue, meaning not every problem will have a formal corrective action, as you have experienced.
- Section 4.3 of ISO 9001:1994 does not require companies to notify customers if they have late deliveries. It requires that they have a process for amending contracts. It seems Fed-Ex's process does not include providing the notification you desire. (Does it say they will notify you on the waybill - your contract with them?)

You are also correct in stating that their certificate is only for their headquarters in Memphis. It does not list all their field offices since they are not visited as part of their certification. The best thing you can do is to use your two feet and take your business someplace else. They are not meeting your needs.

Ken
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#6
Subject: Re: ISO 9001 Certified Virtual Office /../Naish/Dey/Biddle
Date: Mon, 28 Jun 1999 12:01:27 -0600
From: SO Standards Discussion
From: R.M.Biddle
Subject: Re: ISO 9001 Certified Virtual Office /../Naish/Dey/Biddle

This concerns the difficulties one subscriber reported having with FedEx.

On Fri, 25 Jun 1999, Pat Dey wrote, in part:

>I do not see that one aggrieved customer calling 12 offices is a sufficiently
>large and unbiased sample.

One customer almost never has statistical significance, but that wasn't an issue. The gravamen here was whether an individual customer has the right, under FedEx's procedures, to lodge a request for corrective action. If so, the next question is why such repeated requests weren't attended to.

>I do not think it is appropriate for this discussion list to question the
>validity of a specific company's ISO 9000 certificate without firm evidence
>and without involving that company and its registrar in the discussion - this
>is after all a world-wide discussion list. If a certificate
>should be questioned, then there are appropriate formal channels for that.

Please let's not be too hasty in censoring discussion. This particular topic -- how we might tally the real to the ideal -- is close to my heart.

I started reading this list a couple of years ago in order to understand why I agreed to work for two dysfunctional companies merely on the strength of their registrations under ISO 9002. I have not been terribly successful. (The best I have come up with so far is the notion that ISO 9000 is the god of business, St Edwards is its prophet, and the rest of us fall short of glory.) So I, for one, appreciate any attempts we make at analyzing the effects of failing to live up to one's own standards.

It would be illuminating to develop additional evidence and to involve comment from FedEx and their registrar, but to require such things as the price of initiating discussion on this informal, if worldwide, mailing list would arrogate to the list a juridical proceeding incompatible to its purpose. Such requirements would also discourage generally all but the driest of theoretical postings.

The questions of greatest moment, at least to me, are "How can the theory best be put into practice?" and "What can we learn from the failures?". Under those terms the question raised about FedEx is exactly on point.

"Civilised people can talk about anything. For them no subject is taboo. ... In civilised societies there will be no intellectual bogeys at the sight of which great grown-up babies are expected to hide their eyes." (Clive Bell, 1928)

Best wishes,

Robert Biddle
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#7
Subject: Re: ISO 9001 Certified Virtual Office /../Naish/Cogan/Andrews
Date: Mon, 28 Jun 1999 12:09:09 -0600
From: ISO Standards Discussion

From: eandrews usffiltration.com
Subject: Re: ISO 9001 Certified Virtual Office /../Naish/Cogan/Andrews

Ken wrote (in part);
"- Section 4.3 of ISO 9001:1994 does not require companies to notify customers if they have late deliveries. It requires that they have a process for amending contracts. It seems Fed-Ex's process does not include providing the notification you desire. (Does it say they will notify you on the waybill - your contract with them?)"

Ken,
Missing a contracted delivery date IS an amendment to contract (albeit, a unilateral one the way Fed Ex is doing it) Without notifying - and reaching agreement with the customer - they are in fact in nonconformance with Section 4.3 of ISO 9001.

Ethan Andrews
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#8
Subject: Re: ISO 9001 Certified Virtual Office /Naish Again
Date: Wed, 30 Jun 1999 10:39:48 -0600
From: ISO Standards Discussion

From: PNaish
Subject: Re: ISO 9001 Certified Virtual Office /Naish Again

I think some of you misread or misunderstood the point of my earlier message. In it I indicated the following to answer some of the questions put forth:

First, The company at the corporate level in Memphis TN, as high as we could get to by phone, and they refused to provide a corrective action. So the number of worldwide location is irrelevant since we are talking the facility which was audited in person.

Second, their registrar was also asked to address the issue thinking perhaps FEDEX had misled them. I indicated their response was to read the page they sent from the FEDEX manual and that they in fact had registered.

Neither of those two was the original point which was the fact they failed to meet several sections of the standard which are:

1) Section 4.1 which clearly states that the quality policy must be documented and understood at all levels of the company that affect quality. If more than a dozen people in as many locations do not know or understand it, (and none did including supervisors and managers), then how can they pass this requirement? Albeit a small sample - how many would you like to sample before you find someone who knows it? Especially when this included the corporate customer service group in Memphis? When 100% of the sample doesn't know it seems evident that it does not meet it. This includes offices from across the USA in major cities such as Miami, Chicago, New York, Dallas, and Fremont (part of San Fransisco) California.

2) Under contract review if you review the weigh bill it indicates they will deliver as per what you mark except that it may be later in some areas. While later in some areas is obvious it does not mean that it will be lost and not delivered and no notice given to us. This falls under both contract review for changes to agreement and 4.7 control of customer supplied product. So they actually have failures under 2 additional sections.

3) Now the point was made that ONE agrieved customer is not a good example. Which is interesting since I have had no less than FIVE of my clients who are much BIGGER customers than we are ask for corrective action as well. They were told the same thing we were: FEDEX does not do corrective actions. (BTW they also asked about the quality policy and got told the same thing.) -Therefore I have to again question how they pass either section of the standard when they indicate they don't do corrective actions and don't know the quality policy. Obviously they have no mechanism for recording corrective action requests. So when the auditor goes in there are none to look at and they pass. Or they select a few and show them. I can not explain it any other way.

4) If none of the employees asked knew anything about any training on procedures or what procedures were, how is training demonstrated. I have been in that postion before in an audit so we phrased the question regarding procedures and records every way we could to obtain correct information and still found it lacking. So the section on training is also questionable.

As for getting FEDEX involved I would love to have them or their registrar answer the questions that were posed either on line or off line. It is unfortunate that they do not seem to want to do that either on or off line.

A number of my clients have questioned us on why they have to do corrective actions if companies like FEDEX don't. There are others out there that have been registered who also will not respond to corrective actions. So FEDEX is not the only one.

One point that was interesting is that FEDEX is the only company that has been allowed to be audited as a "VIRTUAL OFFICE" while others are being told they have to have all their offices audited over a period of time being anywhere from 3 to 5. Why are they being treated different? This again says that the standard is not being applied equally to all companies.

I sense some defensiveness on the part of the registrar or people who were involved with this particular registration. If the company truly lives up to the letter as well as the intent of the standard then no one should have to be defensive. If in fact the 12 offices I talked to and the corporate people were ill informed it is simply a matter of better training and should have been or should be taken care of easily.

If on the other hand there is a real problem then maybe we do have a weakness in the system which many of us in the real world know exist. I for one have seen companies who have major non conformances in more than 5 sections of the standard pass an audit. Some did it intentionally and fooled the registrar and in other cases the registrar has looked the other way. That is the reality of the real world.

> From here I would rather focus on a better example of how a good "virtual office" should look and not on how FEDEX did it. Maybe we can help the person who asked by giving ways to make different sections comply.

My first suggestion is that all employees are brought into a training session to discuss the ISO process and what ISO implementation will mean to them. This includes an overview of the standard and I suggest that if you are doing it right going through each section of the standard and let the employees know what that section will mean to them. Ask each employee or group to develop their own plan for helping with the implementation in their department. Record the training and record the plans. This will get you off to a start.

Have each group also develop their goals for the year and review them against company goals. This gets you to the next step: implementation.

Document control can be done as suggested via intranet link or by using a read only CD controlled at the main office.

I am sure others have some additional suggestions for the remainder of the implementation.

Phyllis
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
Subject: Re: ISO 9001 Certified Virtual Office /.../Cogan
Date: Tue, 6 Jul 1999 10:50:46 -0600
From: ISO Standards Discussion

From: ken.cogan
Subject: RE: ISO 9001 Certified Virtual Office /../Cogan

Just as a point of clarification, the Fed-Ex ISO 9001 certificate only lists their headquarters location, it does not list all the field office locations since no on-site auditing was done at the field sites. Although many field sites are virtually audited, they should not be considered as part of the official certification. Therefore you should not expect field office personnel or couriers to understand the quality policy or even have a clue about ISO 9001. Fed-Ex headquarters does have a corrective action system which includes customer complaints. What is impossible for a third-party auditor to know when reviewing corrective actions and customer complaints is whether all have been included in the records or there are some which have been ignored and are not entered into the system.

Ken
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#10
Subject: Re: ISO 9001 Certified Virtual Office /.../Cogan/Naish
Date: Thu, 8 Jul 1999 15:16:31 -0600
From: ISO Standards Discussion

From: PNaish
Subject: Re: ISO 9001 Certified Virtual Office /.../Cogan/Naish

Ken,

Not to belabor the FEDEX point but if you look at the book FEDEX gives its customers on page 7 it does not say corporate only. To be exact it says: "...Leadership in our systems, which recently earned us ISO 9001 certification of our operations worldwide (first in our industry so honored!).." That is pretty clear they are saying worldwide so either it is false advertising which their registrar should take exception to or they are certified worldwide. The other registrars that I know would not accept this statement if only Memphis was audited as it is clearly misleading the public.

This is another example of buyer beware. I have noticed numerous ads in magazines which imply the whole company (not FEDEX but other companies) is ISO 900X. Be sure you knwo what the scope of the certificate says and what facilities it refers to if you are making purchasing decisions from this type of information. Get a copy of the actual certificate and verify that the location you deal with is in fact certified or find another way of qualifying the supplier.

Phyllis
 
Thread starter Similar threads Forum Replies Date
GStough WCQI Virtual Conference May 6, 2020 Coffee Break and Water Cooler Discussions 1
D Virtual Documentation via Master Flow Chart? Process Maps, Process Mapping and Turtle Diagrams 3
V CE Mark under MDD or IVDR - IVD company doing Virtual Manufacturing Other Medical Device Regulations World-Wide 3
D Certifying a "virtual" company with zero employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
S ISO 13485 scope of certification - We are a virtual manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 1
M Informational MHRA – Virtual manufacturing of medical devices – Updated guidance Medical Device and FDA Regulations and Standards News 1
dgrainger MHRA guidance on Virtual manufacturing - version 2 EU Medical Device Regulations 1
M Medical Device News CDRH Research Programs – VICTRE: Virtual Imaging Clinical Trials for Regulatory Evaluation Medical Device and FDA Regulations and Standards News 0
J Virtual Manufacturer and CE Marking EU Medical Device Regulations 7
M Virtual Manufacturer vs Reseller (Medical Devices) EU Medical Device Regulations 0
TheMightyWife Virtual Manufacturer v Medical Device File (NB audit) EU Medical Device Regulations 12
N Own brand labelling/virtual manufacture of IVD's EU Medical Device Regulations 2
S Virtual manufacturers/OEM - CE/ISO requirements EU Medical Device Regulations 7
B Virtual Manufacturer / OBL ISO Requirements Other ISO and International Standards and European Regulations 3
M Audit Mandays for OBL/Virtual Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 9
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
I MHRA - Virtual Manufacturer Document Requirements EU Medical Device Regulations 2
K Quality Manual for a Virtual Company (Medical Device) Quality Management System (QMS) Manuals 2
P Qualification of pest control service in a "virtual manufacturer" ISO 13485:2016 - Medical Device Quality Management Systems 3
P How to add Voip features (ring group, virtual receptionist) into Cisco SIP PBX in C#? Medical Information Technology, Medical Software and Health Informatics 1
J FDA Compliant Quality System for Virtual Manufacturing (IVD Medical Device)? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
W ISO 13485 - The use of virtual offices (everything is sub-contracted) ISO 13485:2016 - Medical Device Quality Management Systems 4
MarilynJ6354 American Global Standards Virtual Registrar ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A American Global Standards Virtual Cert Program for ISO 9001 Registrars and Notified Bodies 12
M Environmental Protection Virtual Event - 2010 Miscellaneous Environmental Standards and EMS Related Discussions 0
Stijloor Virtual Reality Tour of the Basilica of Saint John Lateran Travel - Hotels, Motels, Planes and Trains 3
K Virtual DMIS vs. PC-DMIS - Help needed Calibration and Metrology Software and Hardware 3
Wes Bucey SAE Virtual Job Fair - May 19, 2010 Career and Occupation Discussions 2
Q ISO 13485 Design Control Procedure for Virtual Manufacturer wanted ISO 13485:2016 - Medical Device Quality Management Systems 2
kisxena Transferring a validated software platform to a virtual server Software Quality Assurance 8
V ISO 9001 Virtual Audits - Ways to audit remote locations such as design centers General Auditing Discussions 6
T CMM Reverse Engineering Scannning 3-D - IMS Impact with 4.8 version Virtual DMIS Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
RoxaneB Are You Interested in Coming for a Virtual Walk? Coffee Break and Water Cooler Discussions 130
I Virtual Manufacturing and ISO 13485 - Cardiovascular products ISO 13485:2016 - Medical Device Quality Management Systems 7
Govind Virtual Audit by Internet or Electronic Communication - Do you have any success? General Auditing Discussions 11
B Can we be ISO 9001 certified without a physical office? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Watchcat Office of In Vitro Diagnostic and Radiological Health (OIR) De novos 2018 Other US Medical Device Regulations 1
S Tracking laptop movement inside the office IEC 27001 - Information Security Management Systems (ISMS) 7
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
M Remote Office only has Invoice Function - Audit Needed? IATF 16949 - Automotive Quality Systems Standard 0
T SPC in Insurance Back Office Operations Service Industry Specific Topics 4
L Computer stations unlocked - Office Stations vs Production Stations Supply Chain Security Management Systems 4
5 Advice for a new EMS at a small, office-based company ISO 14001:2015 Specific Discussions 3
B Taiwan Medical Device registration - Production or legal office Other Medical Device Regulations World-Wide 6
R ISO 14001 Environmental targets - Office only ISO 14001:2015 Specific Discussions 9
S Re-validation - MS Office Upgrade Quality Assurance and Compliance Software Tools and Solutions 3
A Office that only manages Contracts - Exclusion of Clause 7.3 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Kids in the office from an auditors standpoint ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
S ISO9001:2008 for Sales Office ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Technical Oversight - Government Shipyard Quality Office Responsibilities Quality Manager and Management Related Issues 10
Similar threads


















































Top Bottom