A draft version of AS9101D is out for final review before publication.  It provides tremendous insight as to how the new AS9100C standard will be audited.  This is an excellent document which really only describes normal/best auditing practice but hopefully it will revolutionize AS9100 and then probably the rest of the ISO industry.  It mandates behavior that is likely to ensure better and more effective auditing – but presents formidable challenges to the auditor and registrar community.  Training has been mandated for auditing the new AS91000C standard in an attempt to ensure competency and it will to some extent be based on AS9101D – despite the fact that the training is already being developed.

Here is a summary of the key points.

Process Approach – Strong emphasis on an understanding and use of a process approach by organizations.  If your documents are not process based you should perhaps worry.

Auditing Methodology – Strong emphasis on 6 specified methods of auditing which outline key issues which are “recommended” to be included in an audit.

More audit time needed.-  It is “expected” that the previously specified “total” audit time is now applied as “on-site” time.  Time will be added for off-site activities which are also about to increase.  AS9101D specifies lots of extra information needed prior to audits and additional information and activities during the audit which is going to ensure a thorough and effective audit – but also a longer and more intensive audit.

Objective Evidence Record (OER) – although there was talk about removing the laborious checklist that was previously mandated – it is still there in the current draft standard.  While this is potentially a barrier to process based auditing (which will cause much confusion to some auditors) it is the only way that anyone will be able to see that the auditor has done a good job of assuring every requirement of the standard has been audited.  Without this or an equivalent audits will simply fail.

Process Effectiveness Assessment Report (PEAR) – Auditors are now required to assess the effectiveness of processes in an organization.  Not all processes will be subject to this assessment but certainly all important ones.  This is an obvious need during an audit but this is going to be beyond the ability of many auditors who just audit to checklists.  The way to ensure you stay clear of problems is to do this on behalf of the auditor and make it indisputable.

Perhaps the final note to mention here is that there are rumors that AS9101D publication is delayed.  This wont cause a problem to the overall progress of AS9100C release and upgrading as the aforementioned sanctioned training is not expected to be “available” until April.  Unfortunately nobody really knows the timescales as the key milestones are dependent upon the results of committees voting.

Here is a more detailed description of what you might have to do and how your audit might be performed.

The Process Approach

The process approach has always been “out there” as a concept when developing management systems.  Cavendish Scott, Inc. has been using the process approach since 1985.  We didn’t call it that but it just made sense that the right way to build a management system was to structure it around the organization and not copy the requirements of a standard.  Unfortunately many organizations saw fit to base their management system on the standard, structuring it around the numbering and titles of the standard and not really describing their own processes.  Somehow this was satisfactory for the registrars.  In 2000, ISO tried to rectify this by describing the process approach.  Then they back-tracked declaring that although a process approach is contained within their model, they were not prescribing any method and that organizations already ISO registered would not need to rewrite their procedures.  Currently ISO is in decline (there are less certificates in the US than there were last year) and one of the reasons is that organizations saw little benefit – and so did their customers.  Part of the blame for this is that a system based around the requirements of a standard is difficult to maintain and is unlikely to yield benefits.  Further, registrars were reluctant to ask organizations to change – for fear of losing business and accreditation agencies too didn’t want to rock the boat.  Now for instance the accreditation agencies are getting tough on root cause/corrective actions despite the fact that this has been an issue since the original issue of the standard at in 1987.  However, the accreditation agencies still don’t press registrars to insist on a process approach.

Clearly the aerospace industry is not putting up with the inadequacies of the accreditation or registration processes.  AS9101D is their attempt to address the process model issue.   This is a direct quote from the draft.

0.2 Auditing Approach

This standard supports the engagement and evaluation of an organization’s quality management system process approach, as required by the 9100-series standards. When evaluating an organization’s quality management system, there are basic questions that should be asked of every process, for example:

• Is the process identified and appropriately defined?
• Are responsibilities assigned?
• Are the processes implemented and maintained?
• Is the process effective in achieving the desired results?

This, the new auditing methodology (see details later) and requirements throughout the AS9101D standard are pressing for organizations to understand a process approach.  If your system is based on the standards requirements it does NOT demonstrate that you understand the process approach, implemented processes and process based control.  Given this it is hard to understand how an auditor will not generate nonconformances on the effectiveness of the system.  If there is no procedure (or flowchart or process diagram or something) describing your production process, for instance, then you have not met the 4.1 requirement to define your processes.  Whether nonconofrmances get generated remains to be seen.  Auditors have accepted poor process definitions for years.  Given that without good process definitions, measurement, objectives and improvement are not easy to achieve, these nonconformances are long overdue.

Auditing Methodology

This standard identifies 6 approaches that “CAN” be used to conduct audits.  The note following that statement implies that this is expected as a minimum.  This probably means that registrars cannot ignore the methods or they will get in trouble.  They will have to generate tools to help them ensure the audit utilizes these methods (as a minimum) and generates evidence to prove they have.  It is complicated to integrate these methods into the audit approach currently used which almost exclusively relies on the existing AS9100C checklist.  Consequently expect some registrars and/or auditors to simply do these methods/approaches in addition to the checklist.  Perhaps the mandated training will address integration of these methodologies with the checklist but even so it is a difficult concept.

The following extract includes the introduction to this Audit Methodology and then lists the he six methodologies by title and gives a brief (not verbatim) description including extracts.  Some of the methodologies include lengthy descriptions with many items listed.  Here they are summarized to give an example of what they are about.

4.1.2 Audit Methodology

The following approaches identify different audit methods that can be used, as appropriate, to conduct audits.

NOTE: The identified methods are not intended to be a complete listing, but represent a significant contribution for auditors to evaluate quality management system conformity and effectiveness. Use of these methods will help transition from clause based auditing and put focus on the actual processes, their effectiveness, and their ability to meet the quality objectives.

4.1.2.1 Customer Focus

“The audit team should assess whether customer satisfaction is adequately evaluated and appropriate actions are taken”.  “Customer feedback is a process and should be audited as a process” – these extracts from the section highlight where this audit methodology focuses.

4.1.2.2 Organizational Leadership

There should be an interview(s) with top management to evaluate the establishment of policy, objectives and about commitment. -  This is not the only place where an “interview with top management” is discussed.  It is hard to believe but perhaps some auditors have not been insisting on meeting top management.  It will be hard to avoid now.

4.1.2.3 Quality Management System Performance and Effectiveness

Methodology subjects include a review of the processes for complaints, internal audits, stakeholder feedback, nonconformances, preventive actions, management review meetings and performance to targets.  These subjects are going to be addressed in many other areas (the methodology does not say how they will be met).  The key will be to ensure they are linked where appropriate and evidence complete to demonstrate the methodology has not been ignored.

4.1.2.4 Process Management

“The audit team should conduct quality management system audits using a method that focuses on process performance and effectiveness; this ensures that priority is given to the following:

a) reviewing the organization’s processes, their sequence and interactions, and performance against requirements …..”

Also mentioned, the auditor is to look for defined measures with a focus on processes that directly impact the customer.

4.1.2.5 Process Performance and Effectiveness

Measurements that indicate or directly measure the effectiveness of processes.  The example quoted is KPI’s (Key Performance Indicators).  In truth ISO has always stressed the importance of this.

4.1.2.6 Continual Improvement

“The audit team should evaluate the organization’s interrelated processes and activities for continual improvement of the quality management system, its processes, their conformity, and effectiveness in order to:

• ensure focus on issues that are important to the organization, their customers”

Many other items are listed in the continual improvement methodology but this is where the focus is.  Note also that improvement is a process and not incidental and unrelated improvements that might have occurred.  And the focus is on things that are important.

More Information Required by Registrars

Before the audit, registrars must obtain more information in order to be able to “take into account” results of internal audits, performance measures, previous Management Review results and the proportion of aerospace (and defense) customers compared to total revenue.

All of this information must be obtained before the audit starts so that planning can be conducted appropriately.  Registrars will have to spend more time on this activity (and it will have an impact on their customer service, response and probably costs.

During the Stage 1 audit they are required to review risk assessment methods, customer satisfaction data, special processes, preventive programs e.g. FOD, in addition to everything that they normally cover in a stage one (e. g. internal audits).  Again more time and perhaps more cost (but this should assure audits that get to stage 2 are more successful).

Stage 2 Audits are required to include a review of all new [aerospace] customers, a review of customer satisfaction, special processes, continual improvement of the QMS and an interview with top Managemnet.

This is not particularly a significant increase over previous “expectations” although some additional effort will be required.

Process Efficiency Assessment Report (PEAR)

This requirement is new.  It is hoped that sanctioned training will include substantial training for auditors as judging the effectiveness of a process that you get to see for a matter of minutes (rarely hours) is quite a task.  However, the form that records the PEAR provides a simple approach and this is where well organized companies will address this issue before the audit and make the auditors life easy.  Choosing the right measures for effectiveness will be important.  Inappropriate measures are likely to be dismissed but measures that take too much effort may be unpopular.  The following extract outlines the importance of the PEAR.

“The results of effectiveness shall be recorded on the PEAR (see Appendix C) for each audited product realization process. The level of effectiveness for each process shall be recorded on the PEAR (statement of effectiveness level). If the level of effectiveness has been classified as a ‘2’ or a ‘1’, this shall result in a nonconformity being issued against 9100-series standards clauses 4.1.c and f (see clause 4.2.4).”

Note that if you are issued a PEAR with a level 3, it is a reasonable expectation that during the next audit, that process will be at a level 4.  “Appropriate” actions should ensure that.

The following is a listing of the key fields in the PEAR form.  At the bottom is the classification of the effectiveness level mentioned above

Process Name:

Process details, including associated process interfaces:

Applicable 9100/9110/9120 clause(s):

Organization’s method for determining process effectiveness:

Auditor observations and comments supporting process effectiveness determination:

Statement of Effectiveness Level:

The process is:

1. Not implemented; planned results are not achieved.

2. Implemented; planned results are not achieved and appropriate actions not taken.

3. Implemented; planned results are not achieved, but appropriate actions being taken.

4. Implemented; planned results are achieved.

Objective Evidence Record

Although there were rumors that the checklist was going to be removed, it is still included in the current draft although in a different format.  This is a good thing – despite what many auditors claim.  Without this, there is insufficient evidence to demonstrate what was audited.  If any problems occur it would be impossible to follow up and see what the auditor looked at and possibly clear them of blame.  Registrars are allowed to have their own checklist so long as it meets the same intent.

Nonconformances

“Recurrence of the same or similar nonconformity found during consecutive audits at a particular site/location shall be considered as a failure of the corrective action process (see 9100-series standards clause 8.5.2) and shall result in a major nonconformity being issued”

Inadequate corrective action will no longer be tolerated in aerospace quality management systems.

Conclusion

Many of the issues introduced here represent a substantial change in auditing content and approach.  In many respects this is disappointing because what the standard is calling for is mainly good auditing practice by competent and capable auditors.  Auditors are witnessed and it is possible that many auditors will be prohibited to audit if they are unable to demonstrate best practice auditing.  This too is a good thing as an industry as important as the aerospace industry deserves good auditors to ensure effective quality and to drive improvement up and costs down.  That is not the case at the moment and this standard has the opportunity to make substantial, meaningful and beneficial change throughout the aerospace industry and the ISO industry in general.

Organizations will need to carefully prepare for AS9100C.  Not necessarily because the standard has changed much but because the auditing approach is getting more sophisticated and better.  This will represent some additional cost and effort for organizations but with the loss from the supplier base of those that didn’t do it, and the potential benefits that can be achieved with ISO/AS with the right focus, companies who put that effort in early are likely to reap the benefits.

Cavendish Scott, Inc. invests time and expertise in ensuring AS9100C consulting projects are successful.  We are professional about our understanding and design consulting approaches that guarantee success.  For more information about what we might do and how we might help you upgrade your AS system click here.

Diana Lough and Emily Myers

 What the Quality Professional Needs to Know about AS9100.

 

This presentation covers the application of AS9100 in a general sense, talks about the differences between AS9100B and AS9100C and discusses the timelines for implementation of the new AS9100C.

Diana Lough and Emily Myers

The Value of ISO and Meaningful Audits

 

The attached presentation was made to a Packaging Industry group.  The emphasis was to the finishing departments in the packaging industry environment although the sentiment is widely applicable.  The presentation has two main areas: 1. How ISO can be valuable and how to realize that value, and 2. How to maximize the benefits of ISO audits.

By Todd Vesty

One of the most daunting aspects of an ISO 9000 project is the documentation. Many managers stay awake nights with visions of ream upon ream of bureaucratic paperwork. Often, people are forced to re-visit old fears from high school English class, where their papers were not well received. While it is possible that these fears will be realized, it is not really necessary. There are several techniques that can make the process of creating a documented quality system easier, more effective and less intimidating.

These techniques range from simply using the appropriate tools, and applying the appropriate structure, to using the right personnel. As always, proper planning, clearly defining responsibilities, and controlling the process are imperative in its success. There are five areas that must be addressed in order to develop a quality system with the least headaches. These are process definition, structure, tools, format/grammar and flexibility.

Process Definition

Many pundits will tell you that each person at the company must write their own procedures in order for them to be effective and appropriate. They argue that no one knows the process better than the person who performs it every day and that if they are not the one’s to document it, they will have no ownership. While this argument has some merit, it only works well if everyone at your company is a capable writer with a proper word processor and has the time and inclination to write procedures.

The reality is probably that much of the staff, even those at management level, aren’t capable writers and don’t have access to or sufficient practice on word processors. Involving many people in the construction of a set of documentation will yield different styles, levels of detail, formats, etc. creating considerable problems for the person responsible for pulling it all together. This person has probably already invested considerable time and effort in the training and support of people who will likely never write another document for the organization. In addition, few people have the time to devote to procedure writing. Because of this, everyone’s involvement is a goal that is unachievable at most organizations.

Who then, should write the procedures? The company should designate a person who is responsible for the generation of procedures. That person should decide format and structure for the procedures and will do most, if not all of the writing. Designating a single person assures that the procedures are written in a timely manner without excuses and without people shirking their responsibilities. It also enables the company to assign a capable writer with the appropriate skills to determine the processes involved, identify the right level of detail, and document them in such a way as to avoid the “ownership” issue. Finally, having a single person write the procedures ensures that there is a consistent format and structure. This is one area where considerable benefit can be achieved with the use of an outside consultant. This frees up internal resources to focus on the key purposes of the business and ensures an expert job.

The remaining problem is how to write the procedures. The person writing the procedures must ensure that the process is accurately depicted. This is typically done by interviewing the staff in the area for which the procedure is being written. The interview is used to gather needed information about the process and to determine how compliant the process is. It also allows the staff to have input into the procedure, so they don’t feel “out of the loop” and can feel “ownership” of the documents once created. From the information gathered in the interviews, the writer writes the procedure, reviews and edits it with the staff.

Structure

Before writing the documentation, it is important to determine the structure. It is a very common mistake to get the structure wrong and usually occurs in two ways. The first is having too many, too few or improperly structured levels of documentation. The second is structuring the documentation around the standard as opposed to the business.

A proper ISO 9000 quality system is written in three levels. Level one consists of the Quality Policies. This usually takes the form of a Quality Manual. Level two consists of the standard operating procedures. Level three refers to the work instructions, checklists, forms, and other task specific documentation. This is the structure which has proven successful the world over and is alluded to in ISO 100013. Some consider that records are the fourth level, but this is not the case. Records are evidence of facts and history; they are not documents that are maintained up to date. Once a form is filled and filed away it is not pulled out a year later because the format of the form has changed. The format of the form is a level three document but once filled in, it becomes a record. Yes, records are part of the “documentation” of the system but it is a mistake to assign them a level and assigning them a level serves to confuse the important difference between and procedure and a record.

There is often some confusion about what a quality manual is. Often, the company will bundle its entire quality system including procedures and forms into one manual and call it the Quality Manual. Although this is one possible definition, it does not help an organized structure. A Quality Manual is a document that describes the policies for quality, defines the structure of the quality system and defines the structure of the organization and responsibilities for employees. It does not include detail of operations and should avoid the specifics of procedures.

A typical Quality Manual would include several sections. First, it would define the structure of the organization. It might do this by including and organizational chart and by defining the responsibilities of key personnel. It would also describe the structure of the documentation used in the quality system. Finally it would reiterate each requirement of the standards and state briefly how they will be addressed. In many cases, simple acknowledging the requirement and stating that they will be met is enough. Again, the Quality Manual is not the place to describe specific procedures.

This brings us to level two. Level two refers to the procedures. These describe how the company operates on a department by department basis. Procedures typically do not include detailed task specific, or order specific instructions but focus on the management level information. How is the department organized? What information is received? What happens with that information? What tasks are performed? What reviews take place? And where does information go or get filed?

When writing procedures, it is important to structure them around your business, not around the standard. Too many organizations take the easy route by generating one procedure for each element of the standard. If you don’t have a product identification and traceability department, then you shouldn’t have a product identification and traceability procedure. This requirement of the standard should be included in your other procedures where it applies. Consequently it is clear that when procedures have been structured around the standard, the system has been designed to gain compliance, not to add value to the way the company is organized and managed.

Level three refers to the detail oriented, lower level documentation. This might include checklists, blank forms, task instructions, blueprints, drawings or order specific documentation. It does not include completed forms or other records.

Tools

Documenting an entire system is a sizable task. Before embarking on such a task, it is helpful to gather the appropriate tools. First, this means a current word processor. Having a modern computer and word processor will pay for itself in cost savings and avoided frustration. The modern word processor includes automated spell checking, grammar checking, and many formatting features.

Before diving into procedure writing, it is important to know how to use these features on your word processor. Before starting, experiment until you are comfortable using the word processor’s features. By doing this, you will be able to incorporate these features into your first documents, rather than having to incorporate them later.

A variety of software tools are available to help generate and manage ISO 9000 documentation and systems. Generation software suffers the danger of leaving you with a boiler plate system, twenty procedures and focussing on compliance. Management software can be useful as the sophistication of the requirement increases. Managing large numbers of instruments internally might warrant calibration control software, for instance. However, considerable sophistication already exists in current word processors, spreadsheets and databases that come with your computer. These tools are often expensive, sometimes complicated and do not always yield the promise.

Format/Grammar

When writing procedures, there’s no need to be Ernest Hemmingway. Writing procedures does not require creativity or a huge vocabulary. In fact, all of these things can hurt the process more than help it. The best procedures are simple, clear and concise. All you need to remember is to avoid passive voice and avoid excessive wordiness.

Passive voice makes procedures difficult to read, and should be avoided when possible. For example:

The Packing List will be signed by the Receiver and entered into the system. (passive voice)

The Receiver will sign the Packing List and enter it into the system. (active voice)

As you can see, the passive voice sentence is less clear and is longer.

Excessive wordiness or the use of complex words also makes procedures difficult to read. It is important to keep procedures simple and appropriate for their audience.

The Receiver will be cognizant of any discrepancy in the materials prior to signing the Packing List.

(difficult to understand)

The Receiver will note any damage or defect in the materials before signing the Packing List.

(easier to understand)

Flexibility

Another common mistake when creating documentation is to create rigid procedures that are difficult to follow and maintain. Procedures should be written in a manner that they are flexible and don’t paint you into a corner. Also, they should avoid hard references, complex numbering schemes and other unnecessary bureaucracy.

Several hard references are shown below:

If a nonconformance is found, the employee will document it according to SOP 4.14. rev 5

If a nonconformance is found, the employee will document it according to SOP 4.14

If a nonconformance is found, the employee will document it according to section 5.5 of this procedure.

All of these references pose problems. The first one references a procedure by number and references a revision. That means that every time the referenced procedure is updated, this procedure would have to change also. This is difficult to maintain and likely to be forgotten. The second one references the procedure by number only. This eliminates the revision problem, but is still subject to number changes. It is also difficult for the reader to follow. The third one may seem simple enough, but it may still pose a problem. If a section was added to the procedure before section 5.5, then the number would change and the reference would be wrong.

A more appropriate method follows:

If a nonconformance is found, the employee will document it according to the Corrective Action Procedures.

This is clear to the reader and is unlikely to require changes.

Many companies number their procedures. This practice is not necessarily a problem. It does, however, have the potential for problems. The most common problem is the use of ISO 9000 section numbers (”SOP 4.5 – Document Control”, “SOP 4.18 – Training”). This may deem logical, but there may be instances where there are several different procedures that address a single ISO clause. There may also be instances where a single procedure addresses several ISO clauses. How would these be numbered? In addition, the year 2000 revision of the ISO 9000 standard does away with the 4.X numbering system. This will make 4.X numbering systems obsolete. If your document numbering system is cumbersome, eliminate it. ISO doesn’t require document numbering.

Finally, it is important to write procedures in a flexible manner so that they don’t restrict your employees unnecessarily. In short, don’t make a rule unless it’s necessary.

The employee will retrieve the document and will stamp it in the upper left corner with a red “obsolete” stamp.

The employee will retrieve the document and will clearly mark it as obsolete.

The first statement would mean that you would have to train all of your employees to stamp in red in the upper left corner. You would also have to ensure that the employees have access to red ink and a stamp. Even after taking these steps, it is likely that the procedure often isn’t followed. The second statement provides the same protection, but does not restrict the manner in which the employee complies. It is just easier to follow.

Conclusion

ISO 9000 documentation is an involved task – it has to be! Done properly it will add value to your business. Before embarking on your own documentation investigate the situation thoroughly and ensure you have expertise in the subject and time and resources to see the project through. It will save you a lot of time and effort.

Finally, do not make the mistake of starting with the work instruction documentation. This is the most common and wasteful mistake of ISO 9000 projects. ISO 9000 does not call for any level three, work instruction documentation, unless it is necessary – and if its necessary, it already exists. This type of documentation may add value by better defining processes or enhancing training, but you are not doing it for ISO 9000 compliance. Make sure you want it.

by Colin Gray

Tucked away in section 4.1.3 Quality Policy Statement, is a requirement that management formulate objectives for quality. This is one area that is frequently overlooked when implementing ISO 9001 and just as frequently is overlooked by auditors during ISO 9000 assessments.

Generally speaking, and this case is no exception, objectives should link strategy and policy to plans and procedures. In a quality system, quality related objectives should contribute towards achievement of the stated policy.

While there is no requirement in the ISO 9000 standard to guide in the choice and formulation of objectives, Juran provides excellent information in his Quality Control Handbook. He states that objectives should be: Measurable, Optimal to the overall result (no individual objective should contribute to a bias result which subjugates the overall aim), All-inclusive (objectives should cover all activities so that all are equally high priority), Maintainable (elements can be revised without redesigning others), Economic (the value of achieving objectives must be greater than the cost of setting them). He also points out that, in order to work, objectives must be perceived as: Legitimate (undoubted official status), Understandable (language of those faced with meeting them), Applicable (fit with the conditions in which they are to be used), Worthwhile (preferably to those working towards the objective as well as the whole organization), Attainable and Equitable (the difficulty in obtaining them should relate to reward).

Companies usually run by numbers. There are numbers for sales targets, budgets for production materials, labor costs, etc. All the ISO standard is asking is for management to identify numbers which will indicate quality performance. These numbers will be different depending upon the business type, quality system structure and management focus. In fact many of them may already exist. Common numbers include turnaround time, throughput rates, scrap levels, yields, rework costs, on-time delivery rates. However each company, each management structure needs to work out its own numbers. Having picked the measures, these need to be recorded, trended over time and the formalization of plans to improve the numbers.

Formalizing the process forces management to make sure they are focusing on the right information and to ensure that the numbers are working. One client highlighted how successful their customer satisfaction was by the low frequency of customer returns and the low value of returned product. An objective viewpoint however, that of their President, was that the cost of the returned material included, shipping, restocking and loss of face with customers. His numbers indicated that there was work to be done.

Successful companies rarely happen by accident. Somebody somewhere is watching, and controlling, the numbers. This ISO requirement extends this thinking to the quality field, positively impacting quality issues, and then the business as a whole.

The process of attaining ISO 9000 is not only misunderstood but often feared. Media coverage, hearsay, and business-related horror stories have all contributed to its threatening image.

If you believe the hearsay, you may also believe that ISO 9000 is an intrusive set of unrealistic and unwelcome rules and regulations that will make doing business unbearably difficult in the short run and moderately difficult forever thereafter.

This is not the case. On the pages that follow, we at Cavendish Scott will examine and refute many of the common myths about ISO 9000. As you read on, keep two things in mind. In the first place, ISO 9000 was designed to help standardize business practices across the globe, making it possible to do business more predictably and more efficiently. Secondly, at Cavendish Scott, we’ve seen it all. With more than 400 clients on two continents, we have witnessed virtually all of the potential pitfalls – and the simple ways to avoid them.

We invite your interest and your feedback. And we hope that the information that follows will help make your road to ISO 9000 interesting, beneficial – and even enjoyable.

By Dan Nelson

The new ISO 9000:2008 standard is complete, the deadline is set for implementation, and conversion to the new standard is causing some degree of uneasiness in many companies. The process of becoming certified in the first place was difficult enough, but to change what has already been implemented already is daunting, to say the least. In order to ease some of your doubts, we have gone through the new standard and compared it to the old version. The following is a detailed and technical evaluation of new requirements. This will allow you to understand how your system will have to change to achieve compliance in the future.

If you have any more questions, we would be happy to answer them. If you need a little more help, we can upgrade your system to meet the new requirements for a nominal, fixed fee.

Section 4: Quality Management Systems

• 4.1 (General requirements) requires that the organization continually improve the effectiveness of the quality management system; 4.1 b) requires that the sequence and interaction of quality management system processes be determined; e) requires that the organization measure, monitor, and analyze quality management system processes; and f) requires the organization to implement action necessary to achieve planned results and continual improvement of those processes. 4.1 also requires that the organization control and identify within the quality management system any outsourced processes that affect product quality.
• 4.2.2 (Quality Manual) a) requires that the quality manual include not only the scope of the quality management system, but also details of and justification for any exclusions; c) requires the manual to include a description of the interaction between the processes of the quality management system.

Section 5: Management responsibility

• 5.1 (Management Commitment) requires that the evidence provided by top management to demonstrate commitment to the quality management system includes evidence of continually improving its effectiveness; a) requires that top management communicates to the organization the importance of meeting customer as well as statutory and regulatory requirements.
• 5.2 (Customer Focus) requires that top management ensure that customer requirements are determined and fulfilled with the aim of enhancing customer satisfaction.
• 5.3 (Quality Policy) b) requires that the quality policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system; c) requires that the quality policy provides a framework for establishing and reviewing quality objectives.
• 5.4.1 (Quality Objectives) requires that quality objectives br established at relevant functions and levels within the organization. (Quality objectives must include those needed to meet requirements for product.) Such objectives must be measurable and consistent with the quality policy.
• 5.5.2 (Management Representative) c) requires that the Management Representative ensure the promotion of awareness of customer requirements throughout the organization.
• 5.5.3 (Internal Communication) requires that top management ensures appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system.
• 5.6.2 (Review Input) requires that management review include current performance and improvement opportunities related to: a) results of audits, b) customer feedback, c) process performance and product conformance, d) status of preventive and corrective actions, e) follow-up actions from earlier management reviews, f) changes that could affect the quality system and g) recommendations for improvement.
• 5.6.3 (Review Output) requires that management review outputs include: a) improvement of the effectiveness of the quality management system and its processes, b) improvement of product related to customer requirements, and c) resource needs.

Section 6: Resource management

• 6.1(Provision of Resources) requires that the organization determine and provide the resources needed to a) implement and maintain the quality management system and continually improve its effectiveness, and b) enhance customer satisfaction by meeting customer requirements.
• 6.2.2 (Competence, Awareness and Training) c) requires that the effectiveness of any training provided is evaluated and d) requires ensurance that personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives.
• 6.3 (Infrastructure) requires that the organization determine, provide, and maintain the infrastructure needed to achieve the conformity of product to requirements (including, for example, buildings, work space, process equipment, and supporting services).
• 6.4 (Work Environment) requires that the organization determine and manage the work environment needed to achieve conformity of product.

Section 7: Product Realization

• 7.2.1 (Identification of Customer Requirements) requires that the organization determine: a) requirements specified by the customer including delivery and post-delivery requirements, b) product requirements not specified by the customer but necessary for intended or specified use, c) statutory and regulatory requirements related to the product, and d) any additional requirements determined by the organization.
• 7.2.3 (Customer Communication) requires that the organization determine and implement effective arrangements for communicating with customers in relation to a) product information, b) enquiries, contracts, or order handling, including amendments, and c) customer feedback, including complaints.
• 7.4.1 (Purchasing Control) requires that the criteria for selection, evaluation, and re-evaluation of suppliers be established. Records of the results of evaluations and any necessary actions arising from the evaluation must be maintained.

Section 8: Measurement, Analysis and Improvement

• 8.1 (General) requires that the organization plan and implement the monitoring, measurement, analysis and improvement processes needed to: a) demonstrate conformity of the product, b) ensure conformity of the quality management system, and c) continually improve the effectiveness of the quality management system. This must include the determination of applicable methods, including statistical techniques, and the extent of their use.
• 8.2.1 (Customer Satisfaction) requires that, as one of the measurements of the performance of the quality management system, the organization must monitor information relating to customer perception as to whether the organization has fulfilled customer requirements. The methods for obtaining and using this information must be determined.
• 8.2.3 (Monitoring and Measurement of Process) requires that the organization apply suitable methods for monitoring, and where applicable, measuring of the quality management system processes. These methods must demonstrate the ability of the process to achieve planned results. When planned results are not achieved, correction and corrective action must be taken, as appropriate, to ensure conformity of the product.
• 8.4 (Analysis of Data) requires the organization to determine, collect, and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement can be made. This must include data generated as a result of monitoring and measurement and other relevant sources. This analysis of data must provide information relating to: a) customer satisfaction, b) conformance to product requirements, c) characteristics and trends of processes and products including preventive action, and d) suppliers.
• 8.5.1 (Continual Improvement) requires that the organization must continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions, and management review.

Emily Myers, Cavendish Scott, Inc.

Auditing Calibration: What you need to know

This presentation covers all the key issues about calibration and how to audit a calibration function

It includes:

Information about traceability to NIST,

The difference between a manufacture’s cert and calibration cert,

Calibration records,

Frequency of calibration and

FAQs about calibration.  (attached)

Emily has a strong background in Metrology and ISO audits. She has specific experience with temperature, pressure, dimensional, humidity and torque calibrations, and has been trained by NIST and NCSL.

Emily currently works for Cavendish Scott, Inc. as a Lead Auditor and manages the Outsourced Internal Audit program. She is also a certified ISO 9001:2008 IRCA Lead Auditor Training classes.

Emily Myers Meet the Speaker Sep-2009

Calibration FAQ’s 100109

Diana Lough gave this presentation to Pikes Peak ASQ in September 2009.

Pikes Peak ASQ Presentation. Regulatory and Statutory Compliance: Its Everybody’s Business

09 Sep 2009 ASQ Presentation by Diana Lough

TITLE: Regulatory and Statutory Compliance: It’s Everybody’s Business

Regulatory and statutory compliance has long played a part in business. Traditionally the emphasis has focused on the safety and efficacy for raw materials, components, sub-assemblies and finished products sold. It often included third-party testing resulting in a listing or mark on the product and for finished products and/or it may have required a registration or license with a government agency. Where there are regulatory and statutory requirements, compliance is mandatory and enforceable. Failure to comply can result in product confiscation, lost future sales, fines, and in severe cases, plant closures and legal prosecution. No matter the scale, failure to comply requires time and resources (and therefore money) to resolve the issue along with interruption to the business and failure to meet customer needs

In today’s global marketplace, more governments are increasing “protection” for their citizens. More countries are following in the footsteps of Europe, Japan and Australia by requiring product registrations and in-country representation. Medical device exports have more stringent requirements. In some countries, medical and consumer product labeling and/or instructions for use must be translated in their official language.

And with the changing emphasis on the environment, the impact has broadened and more statutory requirements are coming into play. Local laws and ordinances may govern your organization’s waste stream, nuisance control and other negative impacts on the environment. Depending on the destination market for your product (national or international), there may be statutory laws regarding the product’s packaging (content and disposal) and the end of product life disposal. Legislation for banned chemicals is more commonplace, particularly in Europe and Canada. And transportation of goods even has country-specific restrictions.

So what business processes are impacted? New product development and design changes are still a primary focus. But regulatory and statutory requirements also impact marketing, sales, manufacturing, shipping and transportation, disposition of nonconforming material, facilities management, complaint handling, documentation, record keeping, and management. A brief overview of process controls for each of these will be covered.

The sky isn’t falling by any means. By ensuring your business processes are defined and implemented with adequate controls, your organization will maintain compliance and keep up with our changing world.

Diana Lough:Meet the Speaker

Colin Gray gave the attached presentation to the Northern Colorado ASQ in September of 2009.

Northern Colorado ASQ Presentation Fix your QMS to ISO 9001:2008

The content included:

A review of the changes to the standard (no real changes)

A review of the corrigulum fixing errors with the new standard (no real errors – only in appendices)

The implementation timescale – no ISO 9001:2000 certificates to be issued after November 15, 2009.  No ISO 9001:2000 certificates in existence after November 15, 2010.

Example of a poor nonconformance issued against the changes (withdrawn by the auditor after a complaint – but beware)

Key implementation activities