March 1st, 2021
The FDA is presently working on transitioning their QSR requirements to ISO 13485. The intent is to coalesce 21 CFR Part 820 with ISO 13485:2016 to harmonize requirements while revamping the regulation, which hasn’t been updated in more than 20 years. As medical device companies increasingly distribute globally, they have had to comply with both requirements, as well as other international requirements. Since international medical device regulators (including the ones in EU, Canada, Australia, and Japan) stand their quality system requirements on ISO 13485:2016, the FDA can renew the regulation to align with a wider, universally trusted quality system standard.
Overlapping Regulations for Medical Device Manufacturing
ISO 13485:2016, Medical devices – Quality Management Systems , is a voluntary standard for medical device manufacturers and suppliers and is used worldwide for developing and maintaining the system that caters to the needs of the market requirements for medical devices. 21 CFR Part 820, Medical Devices – Quality System Regulation , is a mandatory FDA regulation that medical device manufacturers and suppliers must comply with to distribute devices in the U.S.
There are significant similarities between 21 CFR Part 820 and ISO 13485:2016, but there are still a few minor specifications that might not be explicitly contained within ISO 13485.
Organizations conforming to 21 CFR Part 820 can move confidently towards compliance with ISO 13485:2016. With compliance to the subject regulation, companies can market medical devices in the U.S.A commercially as well as internationally.
Comparing ISO 13485 with FDA 21 CFR Part 820
ISO 13485 and FDA 21 CFR Part 820 are compared based on their purposes, histories, scopes, and influences on each other. The below comparison matrix will help you understand the working scopes, applications, and domains of both the standard and the regulation.
ISO 13485:2016
FDA 21 CFR Part 820
Voluntary standard – when a requirement is met as per ISO 13485, it is known as conformance.
Mandated regulation USA medical device manufacturers- when a requirement is met as per FDA 21 CFR Part 820, it is known as compliance.
Prioritizes a risk-based approach and cites related standards such as ISO 14971 for managing medical device product risk management.
FDA Part 820 rarely specifies requirements for risk management.
Internationally accepted standard
Other countries may have their own regulations. 21 CFR Part 820 is a regulation and mandatory for U.S. commercial distribution of medical devices.
Has undergone multiple revisions
Structure remains unchanged since 1997.
Various countries worked in collaboration with other members of ISO to create ISO 13485.
21 CFR Part 820 was created solely by the FDA.
ISO 13485:2016 is more closely correlated with 21 CFR Part 820 than its precedent ISO 13485:2003 and the commonly used QMS model of ISO 9001:2015. Numerous countries depend on ISO 13485:2016 in regulating medical devices and it has received strong support from the FDA, in line with its drive for global convergence of medical device regulation. The FDA and other countries’ device regulatory agencies will easily be able to discuss inspection reports from other agencies because the requirements are similar.
Most of the Part 820 regulation requirements are covered in ISO 13485:2016 however, there are some requirements that might not be included explicitly in ISO 13485, for example, Device History Record (FDA Part 820.184). Although, the ISO 13485 standard’s Control of Records (Clause 4.2.5), Planning of Product Realization (Clause 7.1), and Identification (Clause 7.5.8) implicitly relate to the requirements of Device History Record. So even many of the differences are close to being addressed.
Will the FDA Adopt ISO 13485
The question everyone is asking is exactly when will the FDA adopt 13485? The FDA originally published a Notice of Proposed Rule Making (NPRM) in May 2018. The abstract from Regulation Identifier Number (RIN) 0910-AH99 states:
“FDA intends to harmonize and modernize the Quality System regulation for medical devices. The revisions will update the existing requirements with the specifications of an international consensus standard for medical device manufacturers, ISO 13485:2016. The revisions are intended to promote the use of more modern risk management principles and reduce regulatory burdens on device manufacturers and importers by harmonizing domestic and international requirements.”
The NPRM is at the Proposed Rule Stage, and had an action date of October 2020. It is assumed that due to the Covid-19 pandemic, this action date has gotten pushed back as there has not been any further communication on the NPRM. A panel committee meeting will be held after issuance of the proposed rule.
ISO 13485 Provides a Simpler Regulatory Framework
ISO 13485 provides a framework for medical device manufacturers and suppliers to meet common regulatory requirements worldwide and serves as a strong foundation to meet FDA Part 820 requirements, as well as the requirements of other regulatory bodies in the world. As the FDA moves forward with harmonization this will be even easier. ISO 13485 provides a good choice as a quality management system for Medical Device organizations wishing to market their products in the US and internationally.
Cavendish Scott has many years of experience working with meaningful and valuable management systems and quality requirements. We can perform a gap analysis review of your current system and then, if appropriate, propose some additional actions to be taken to ensure compliance with both ISO 13485 and FDA 21 CFR Part 820.
About the Author
Stephen Hopp has 20 years of experience in FDA regulated businesses working as a Chemist, Lab Manager, Compliance Specialist and Auditor. He is an IRCA and Exemplar Global certified Lead Auditor with a focus on ISO 13485 and 21 CFR Part 820 projects. At Cavendish Scott he is involved in diverse auditing, consulting and training projects.
Wondering Where You Stand? Get a Remote Audit With Our Experts.
Whether you’re considering ISO certification for the first time, or simply trying to keep your paperwork and processes in order, a Remote Audit is incredibly beneficial. Work with our professional auditors to stay ISO compliant.
Learn More
January 28th, 2021
Root Cause Analysis (RCA) is a problem-solving technique targeted at identifying the actual root cause, or the reason for a nonconformity. A root cause is just what it sounds like: the “root” of the problem. The need for RCA stems from the fact that the elimination of the symptoms of the problems is not alone sufficient to address the problem, it must be addressed at the source. If you solve a problem at this root level, it is highly probable that you can prevent its recurrence.
Basic Steps: Root Cause Analysis
Root Cause Analysis (RCA) uses a specific set of steps, with associated tools, to find the primary cause of the problem, so that you can:
Determine what happened (Problem Description)
Determine why it happened (Root Cause Analysis)
Figure out what to do to reduce the likelihood that it will happen again (Corrective Actions)
It is usually easy to determine what happened, but more difficult to determine why it happened. Only if we do a good job of determining why it happened can we implement appropriate actions to ensure it does not happen again. This leads us to performing a proper and thorough RCA.
A search of the web will reveal a multitude of ways to approach RCA, some more complex than others. The basic approach to RCA can be explained in the five steps below:
Define the Problem
Collect Data
Identify Possible Causal Factors
Identify the Root Cause
Recommend and Implement Solutions
Defining the problem is usually the easiest step, and the step that led to the whole discussion of RCA. What exactly happened? Usually, it is a failure to comply with a specification, procedure, standard or regulation.
Collecting the data involves gathering the evidence to prove the failure. How long has the problem existed and what is the impact? Were other products or processes impacted? This will often involve gathering people from other departments. RCAs can rarely be effectively completed by only one person. Subject Matter Experts (SME) from various impacted departments are usually necessary.
Identifying the possible causal factors can be challenging. The most common mistake in RCA analysis is just to grab the most obvious causal factor and move on to corrective actions, but you need to drill deeper before moving on to the next step. What sequence of events led to the problem? What conditions allowed the problem to occur and what other problems surround the occurrence of the main problem? Identifying the causal factors is the most crucial part of the RCA analysis. Without proper identification, the corrective actions may not be appropriate and thus the problem may reoccur.
There are numerous tools to help drill down to the correct causal factors, one of the easiest is the “5 Whys”. Start with the problem and ask a ‘why’ question about the problem. The next ‘why’ question you ask should then follow on from the answer to the first question. Here is an example:
Why? – The final product arrived broken at the customer’s facility.
Why? – It was damaged during shipping.
Why? – The shipping instructions from the customer were not followed.
Why? – The instructions were never communicated from the Sales department to the Shipping department.
Why? – There is no process in place to communicate these requirements.
You could possibly take this to a 6th or 7th Why, but 5 is usually enough to get to the root cause of the problem.
Identify the root cause. The example above illustrates how it is important to drill down to the true root cause. If we just stopped at the first “Why” our corrective action might be just to ship the customer a replacement product, but by getting down to the true root cause we will fix the problem to ensure it never happens again.
Implementing corrective actions is the final step. How will the solution be implemented? Who will be responsible for it, and what are the risks of implementing the solution? Analyze your cause-and-effect process, and identify the changes needed for various systems. It is also important that you plan ahead to predict the effects of your solution. This way, you can spot potential failures before they happen.
Again, referring to our example above, the corrective action may be to implement a proper communication tool between Sales and Shipping. The tool may be updating your sales procedure requiring that customer requirements be added to your ERP system by the Sales team and the Sales Manager is responsible for the updating the procedure.
Conclusion
In summary, it is critical to perform RCA correctly to ensure corrective actions are implemented that will prevent reoccurrence of the same problem. A good RCA takes time and usually takes a team of SMEs. Not doing an effective RCA will lead to “band-aid” fixes and not real solutions.
Wondering Where You Stand? Get a Remote Audit With Our Experts.
Whether you’re considering ISO certification for the first time, or simply trying to keep your paperwork and processes in order, a Remote Audit is incredibly beneficial. Work with our professional auditors to stay ISO compliant.
Learn More
December 18th, 2020
Even before the 2020 pandemic, Cavendish Scott was performing some internal auditing services remotely. But since the first lockdowns, remote and hybrid audits have represented an increasing portion of the firm’s business.
Remote audits involve notable advantages over in-person audits, including the following.
They eliminate travel time and expenses.
They’re safer in terms of Covid 19 or other contagious viruses.
Since schedules don’t need to accommodate out-of-towners, they can be more flexible and less compressed.
Participants can join from wherever they are, as long as they have connectivity.
Document review can take place at individual computers.
Detailed Plans
Remote audits involve all of the same stages as their face-to-face counterparts, beginning with detailed planning.
Cavendish Scott auditors start by researching their client’s organization and filling in any gaps to make sure they have the knowledge and competence to perform the audit. They work closely with their points of contact to develop detailed plans, including schedules that list precise times for all activities, even breakouts and breaks. Schedules for remote audits can extend over longer periods than in-person audits so that their impact on day-to-day operations is minimal.
Planning also includes identification of all participants in the audit, how they will be involved and the documentation they will present. Cavendish Scott specifies what will be needed, including records and visuals. This enables participants to know their responsibilities so they can make their parts of the audit go well.
Just as an in-person audits require planning for physical space, so too, remote audits require planning for virtual space, where technology is even more important. In both cases, all need to meet in the same space.
Clear Communication is Essential
Numerous options exist for meeting platforms, including Zoom, Microsoft Teams, Google Meet, GoToMeetings, Join.me, and RingCentral Meetings, as well as others. Whatever option is chosen, clear communication is the goal, and good command of technology is important. A checklist for virtual spaces includes the following.
Charge devices ahead of time.
Check platform connections.
Check video, headphones, and microphones.
Test cameras.
Include phone connections, which can be particularly important for walk-throughs.
Address security and confidentiality concerns.
Practice as needed with space management tools, like screen sharing, screen mirroring, and separating panelists from others.
Have a backup plan.
Both in-person and virtual audits start with kickoff meetings. These gatherings usually include many if not all participants in the audit. The agenda includes talking about the scope, schedule, and goals of the audit, as well as, asking and answering questions and exchanging information.
Document Review
The virtual environment is an ideal setting for document review, a critical component of any audit. During in-person audits, this step often involves auditors’ leaning over someone’s shoulder to inspect documents on the client’s screen. During remote audits, all can comfortably and clearly view documents on their individual computer screens. Conversation is more open and relaxed. Communication is better, the audit trail is easier to follow, and document control can be more readily verified.
In addition, confidentiality can be better protected in remote audits. Clients share their screens, so Cavendish Scott doesn’t have access to their systems or any information that’s not included through screen sharing. Clients can withhold appropriate confidential and proprietary information.
Manufacturing Processes
The majority of ISO standards and audits are based on requirements with production involving only from 10 to 15 percent, on average, of standards. But for clients with complex production processes, this element is essential.
Since in-person facility walk-throughs and actual observation of manufacturing processes aren’t possible in remote audits, photography and videography play an important role in showing these. As noted above, the camera of a cell phone that’s connected to the appropriate meeting space can be a valuable tool.
Just as in-person audits end in much the same way as they begin, so it is with online audits. Often, the events take place in the same spaces with the same people present.
Physical-Remote Hybrids in the Future
Safety, of course, was the primary motivation for moving all audits online during the 2020 Covid-19 pandemic. Remote audits have been one way to adhere to government mandates about in-person work, and help to protect all parties against the deadly virus.
As the risk of in-person meetings lessens, Cavendish Scott will seek an appropriate balance between in-person and remote services. Of course, client preferences will play a large part in determining the right balance, but in many cases the answer may be hybrids, such as the following.
New clients will likely do well to start with an onsite audit for their first internal audit by Cavendish-Scott and then they may switch to remote or hybrid audits.
Existing clients may want to rotate from one type of audit to another—maybe having an onsite audit every three years with remote audits in the other two years of a cycle.
Clients that have a complex production component that’s critical to their audit may use both in-person and remote services in a single audit. They may work with Cavendish-Scott to develop a plan where the production part of the audit is done onsite, while the remainder is done remotely.
Whatever their preferences, Cavendish Scott stands ready to help organizations prepare for certification audits, using all of the tools, opportunities and advantages available, including those that come with remote auditing.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards.
Get Started on Your Remote Audit Process Today!
Whether you’re considering ISO certification for the first time, or simply trying to keep your paperwork and processes in order, a Remote Audit is incredibly beneficial. Work with our professional auditors to stay ISO compliant.
Learn More
October 16th, 2020
Clients sometimes ask Cavendish Scott for advice on the best software for ISO. They generally seem to be hoping for a package that will provide the architecture for their standards, so they can simply follow all the prompts, check all the boxes, and thereby pass all their audits.
This expectation is realistic in some ways. Any good software package will lighten part of the burden of ISO. For example, with the right input, software can automatically send reminders and generate calibration databases. It’s essential in complicated systems and helpful in situations involving large, complex data sets. Sometimes in regulatory situations software can help clients make sure they don’t miss anything.
ISO Is Not Only About Software
But anyone who knows Cavendish Scott is aware the firm doesn’t take a check-all-the-boxes approach, but instead emphasizes systems and processes that result in success. With Cavendish Scott, the goal is success. Systems and processes are the means of reaching success, and software is one tool.
ISO is about discipline, organization and doing things right, not software.
Cavendish Scott recommends that clients first develop their strategy and processes and then consider how software may help those processes. Alternatively, Cavendish has observed that it’s sometimes helpful to develop strategy and processes, implement them manually, and then consider what software could make implementation easier without compromising quality. Clients may even find that software would be unnecessary or, in rare cases, a hindrance.
Comparing Software Packages for ISO Certification
The selection of software packages is as individual as the management systems they support.
Most clients find Microsoft Office includes all the common tools and does everything needed to support their systems. Outlook can be used for communications and Excel for databases. Microsoft Teams is great for online collaboration with auditors and others. The flexible programs can be set up in minutes and customized as needed.
But Microsoft Office and similar packages are generic. Software designed more specifically for ISO may make some jobs easier. For example, a specialized program may include a structured calibration database where analyses are readily available, whereas the same database would need to be set up and analyzed manually in Excel. Quality management systems for medical devices are highly specialized and regulated, so specific software may help organizations in this sector stay in compliance and in business.
For clients who have made the decision to invest in software for use in support of ISO and success, Cavendish Scott recommends the following:
As a first step, develop a document similar to a request for proposal. Specify the features that are most important for the success of your management system. Be sure to include among the capabilities smooth integration with your organization’s software for accounting and enterprise resource planning, or ERP.
Second, compare three to six different solutions so you can select the one that performs best for your situation. Be sure to think beyond the next audit cycle. Consider whether the software will meet organizational needs at least three to five years in the future, and what the expense may be to keep up to date.
Make your software part of your strategic plan.
Cavendish Scott cautions clients against blindly relying on software that is bundled with an ISO solution package. The result can be that the client is stuck with software that isn’t right for the management system and isn’t flexible enough to be modified as needed. This approach may serve as a quick fix in getting certified at one point, but it’s not helpful to achieving long-term success.
Whatever software is selected, clients need to recognize its limitations. Software can reveal data and help in identifying problems. But human involvement is needed to effectively analyze problems and take actions that result in improved processes.
Strategize, Consider Generic, Shop Smartly
It makes sense for organizations to implement ISO with manual tools so they understand how things work, see what’s important, and get their hands dirty addressing the right things in the organization. Before deciding they can’t live without software, they should first address issues and fix problems.
After they identify the tasks that they want software to perform, they may first consider using Microsoft Office, which provides all the tools most organizations need.
But, for clients needing more specialized software, the best advice is to shop smartly, always keeping in mind that the goal is not making life easier, but designing for success.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certifications and standards.
Ready for Real Help with ISO? We Can Help You Go Beyond Software
Software is not a plug-and-play solution for ISO. Our professional auditors, consultants and trainers are here to help you implement the standards that will help your business thrive.
Learn More
August 11th, 2020
“Companies can go one of two ways with ISO certification,” says Gustave Anderson. “Some take the check-the-box approach. Cavendish Scott works only with those that take the change-the-company approach.”
The quality director for two manufacturers in Laramie, Wyoming, Anderson explains what he means, saying “It’s the difference between going to the gym and going to the gym and working out.” The check-the-box companies are missing 95 percent of the value of certification, he says.
Anderson got to know Colin Gray, president of Cavendish Scott, when the two of them took an 800-mile road trip through Wyoming, visiting Casper, Gillette, and other cities, doing ISO training and consulting.
At the time, Anderson was the assistant director at Manufacturing-Works, part of the Wyoming Business Resource Network. He felt it was important to make Wyoming manufacturers aware of ISO so that they could compete nationally and globally. He also wanted to support manufacturers that had certified in ISO 9001:2008 in meeting the 2017 deadline to update to ISO 9001:2015.
After such immersion in standards, it was only natural that Anderson would take on ISO responsibilities when he went to work in the private sector.
He first joined Avvid Corporation, a Laramie company that began in 1995 with four partners who then had day jobs at two different businesses. Approximately 14 people now work at Avvid, which offers design and computer-driven (known as CNC) fabrication of components for a range of products, including guns, aerospace equipment, and medical devices.
The Avvid website states the company “is large enough to serve BIG industry, yet small enough to make every customer feel important.”
With time, Avvid recognized a need for certain medical devices, not just components for devices, and in December 2019 Disruptive MedTech began to meet that need, specializing in orthopedic medical devices.
As 2020 began, plans were under way for both companies to become ISO certified. With its wider range of products, Avvid sought certification in both ISO 9001:2015 and ISO 13485 Medical Devices, while Disruptive MedTech sought certification only in 13485.
The original plan was to obtain all three certifications by the end of July 2020 and, despite the pandemic, the goal was reached ahead of schedule. Gray and one other Cavendish Scott consultant came for a face-to-face meeting to kick off an internal audit and the remainder was completed online.
“I’d seen Cavendish Scott work remotely when I was in my state job,” Anderson says. “They’re ahead of the curve technologically. I knew they wouldn’t miss a beat.” He adds that he hopes other clients will take advantage of this capability, along with its savings of time and money.
Even the external or certifying audits took place online and no deficiencies were noted.
Not only did Avvid and Disruptive MedTech pass their audits during the pandemic, but they also thrived. Both companies grew and, with the slowdown in elective surgeries, DMTI pivoted to add personal protective equipment to its product line.
One reason they were able to do so well, Anderson says, is standards helped them identify risks and understand opportunities. He says, “The process keeps you between your navigational beacons.”
Cavendish Scott is “an incredible resource that can help answer any question,” Anderson says. He talks to Gray often, saying they’re like partners in doing ISO.
Anderson, who continues to support other Wyoming manufacturers in meeting ISO standards, says persistence is important. Like going to the gym, he said, “You don’t quit when you’re tired. You quit when you’re done.”
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards. Additional information is available at cavendishscott.com.
Ready for Real Help with ISO? We Can Help You Go Beyond the Checklist
At Cavendish Scott, we do not take a check-the-box approach to ISO. Rather, we work with our clients to ensure processes and practices that help your business operate according to international standards that help you with efficiency, efficacy and profitability.
Learn More
July 6th, 2020
Imagine you have a business making widgets and at the heart of your processes is a room full of highly trained employees who perform ten complicated functions to transform raw products into the best widgets in the world. They’re your top fabricators.
Then, suddenly a global pandemic occurs. The demand for your widgets is higher than ever and all of the top fabricators are incapacitated. Where would you turn? Panic is not an option.
While the 2020 Covid-19 pandemic may not have had a significant effect on your actual business, it underscored the importance of having in place both written documentation of procedures and a plan for continuity of operations.
If you had written procedures and a continuity of operations plan, then you might just need to sanitize the workspace, hire some healthy people capable of following directions, train them, and put them to work. Or, if hiring people were not an option, you might need to have identified in advance personnel who could be reassigned to the fabrication room.
While ISO 9001:2015 doesn’t explicitly require much documentation, written procedures are necessary to prove to auditors that your business can continue despite potential disruptive factors. And, of course, they’re necessary to keep your business running when actual disruptions occur.
A good place to start with documentation is the list that was required by the 2008 version of ISO 9001. The six mandatory procedures requiring documentation under ISO 9001:2008 were:
Control of documents
Control of records
Internal audits
Control of non-conforming products
Corrective action
Preventive action
Processes, Procedures And Work Instructions
Additional procedures vary from one organization to another. Procedures may be considered in the middle of a three-part hierarchy, even though sometimes these are blended into just two parts or a single item. Generally, a process is a strategy while a procedure is a uniform method for executing a specific aspect of the strategy. Work instructions provide guidance to an individual on their role in carrying out a procedure or part of a procedure.
In writing procedures, Cavendish Scott recommends that several factors be considered, though not all apply to every procedure. These include:
The purpose of the procedure and how it fits into the process of which it is a part.
Who and what is involved in the procedure
The qualifications and role of each person
The machinery, equipment, and tools used and how they are used, along with detailed specifications
What resources are used, how they are used, and how they are changed through the procedure
What the product is
Where the procedure is performed
The standards required of the resources and final products
A glossary of terms
Redundancy is an important aspect of continuity of operations, so it’s also helpful to have some backup for the procedures. These may include the following factors, which can be included in the procedures:
Forms
Controls
Organization
Specific personnel
Procedures Exist Only If They’re Written
You may be tempted to forego written procedures and rely only on backups, but Cavendish Scott recommends against that. Nothing is as reliable as having written procedures and not having a written procedure is the fastest way to lose certification. The firm takes the stand that if a procedure is not in writing it doesn’t exist.
Writing procedures is consistent with the approach to business processes promulgated by William Edwards Deming and followed by Cavendish Scott. It part not just of being good but being good all the time.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards. Additional information is available at cavendishscott.com.
Make Sure You're On Point with an Internal ISO 9001 Audit
Cavendish Scott has been conducting ISO internal audits for 25 years. We have always followed a process approach having adopted it in principle right from the start. We teach thousands of auditors each year how to audit correctly. We are a certified training organization with the IRCA and are all qualified and practicing ISO Lead Auditors.
Learn More
June 16th, 2020
Ford Motor Company, which announced certification in 9001 quality management systems in the 1990s and in 14001 in environmental management systems around 2014, changed from producing vehicles to ventilators during the pandemic. ISO certification shows that an organization maintains a trustworthy level of management standards, which can be applied to new processes and lines of products.
Ways that ISO certification can help in a time of crisis include the following.
While fear and uncertainty prevail in a crisis, ISO certification inspires confidence. Employees and customers know the processes and products are good and that won’t change because of the crisis.
Because of their reputations, certified organizations are good candidates for new contracts. Companies that have already established a good reputation are more likely than their competitors to get contracts during rebuilding.
Best practices may be even more important during times of crisis. Certified organizations are experts in best practices and these may make the difference in surviving or thriving instead of shuttering at times of crisis.
In becoming certified, organizations master a model that can be applied regardless of their size or sector. When companies see that they are expanding or contracting or, as Ford did, changing sectors, they can still apply the model.
The plan-do-check-act approach helps make organizations nimble. This is one of the tools that help organizations adjust to the crisis and shift the model to their new circumstances.
Certified organizations are most likely to have connections that can support them in a crisis. In particular, clients that have received consulting, training, or auditing services through Cavendish Scott have already established channels of communication. They can readily receive additional support that’s customized to their needs. Cavendish Scott stands behind its services. Cavendish Scott also has an excellent history of taking its own business online and it is highly capable of helping clients do the same as much as possible.
Specific courses are available to help organizations prepare for crises. ISO already offers classes in safety (45001), continuity of operations (22301) and security of communications (27001), and a crisis management class is under development. While it’s too late to take these classes in preparation for the first wave of the COVID-19 pandemic, they could be useful in preparing organizations for the next crisis.
ISO and Cavendish Scott have both been able to be part of the solution during the COVID-19 pandemic.
ISO, in cooperation with the International Electrotechnical commission, has made available more than two dozen standards in read-only format. Most relate to technical areas such as medical electrical equipment, respiratory equipment, and biocompatibility evaluation. According to the ISO website, the standards are available freely “to support global efforts in dealing with the COVID-19 crisis.”
Cavendish Scott has remained available for remote training, consultation, and auditing, as well as onsite services with appropriate safety precautions.
Any organization that would like to improve its crisis management strategies by upgrading its standards may contact Cavendish Scott for assistance.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards. Additional information is available at cavendishscott.com.
Considering ISO Certification?
Cavendish Scott has been in the business of ISO for over 30 years, and we help dozens of businesses get ISO certified each year. Explore the options – we’re here to help.
Learn More
May 12th, 2020
Cavendish Scott auditors eat, breathe, and sleep ISO standards. When they’re not traveling to multiple client sites to conduct internal audits, they’re consulting about auditing and training auditors. All of this adds up to a tremendous benefit to clients.
To have a successful audit, the right people within an organization need to receive appropriate training and be supported in making and maintaining the tweaks and improvements needed to maintain certification.
Choosing Employees To Take Training
The number and role of in-house auditors vary among organizations, but usually, their functions include the following at a minimum:
Planning and scheduling internal audits, whether these are conducted entirely in-house or using Cavendish Scott (or a similar firm)
Serving as the point of communication for the registration auditor
Ensuring audit findings are reported to top management and corrective actions are taken and enforced
Managers do well to consider several relevant factors in selecting employees for training as auditors.
Independence is important. It’s best to assign at least one person to work full-time as an in-house auditor. Otherwise, auditing may take a back seat to other duties. Changes that were made in the immediate aftermath of an audit may give way to older habits. In addition, employees who audit the areas of their primary jobs may blind to needed changes or reluctant to suggest them. If it’s necessary for auditors to split their time between auditing and other duties, it’s best if they do not audit their own areas. Auditing teams can be helpful, too, as they can assist with culture change related to quality improvement.
Consistency is helpful. Career-oriented auditors who want to stay in a position over time are the best candidates for training. It doesn’t help to train someone who will leave the organization or move out of the auditing role prematurely.
Personalities matter. The best auditors are usually good listeners who like people and processes. They’re confident enough to deliver sometimes unwelcome news to top management. They’re observant, patient and smile easily.
Trainers Speak From Experience
Cavendish Scott offers a range of auditing courses, including customized options tailored to suit specific standards and individual organizations. For example, Cavendish Scott taught a three-day remote ISO 9001:2015 internal auditor course to 19 enrollees involved in microelectronics at a federal lab. Common Requests include ISO 14001:2015, ISO 13485:2016, and AS9100D. Classes may be taught remotely, on-site, or at Cavendish Scott offices.
In all cases, trainers speak from experience. They strengthen their points with personal anecdotes from actual audits and engage trainees through interactive activities. Often client documents are used for exercises and a live internal audit is conducted on processes of the client’s choosing. This allows for specific questions to be asked and advice from the instructor to be given about scenarios described by the client.
From Classroom to Implementation
Putting the knowledge gained in training to work in an organization is essential to successful audits.
Whether they are in-house or from a firm like Cavendish Scott, internal auditors provide guidance and direction on changes that need to be made to keep an organization compliant with standards. Auditors must be independent and observant enough to see what needs to be done. They also need to have enough influence to see that management follows through on their guidance.
Cavendish Scott is an approved training partner of the International Register of Certified Auditors, or IRCA. While not all of the many courses available are individually IRCA-approved, Cavendish Scott follows the IRCA principles based on the company’s commitment to professional and effective training.
Ready to Explore Options for Auditor Training?
Look into options for selecting and training your in-house auditor(s). We offer training on a rolling basis, and can train your team remotely as well!
Learn More
April 10th, 2020
Auditors at various levels are essential to maintaining certification in ISO standards. Cavendish Scott offers training and guidance that can help all aspiring auditors whether they want to perform audits as company employees, help conduct internal audits for companies like Cavendish Scott, or work as lead auditors for certifying organizations.
Lead Auditor Training
The most important course for aspiring auditors to take is the one related to the International Register of Certified Auditors, IRCA ISO 9001:2015—Lead Auditor Training. Cavendish Scott was the first source in the U.S. to offer this class, which is recognized by auditor registration organizations including Exemplar Global. It is essential for registrar auditors and those involved in auditing a quality management system, especially those who interact with lead auditors from certifying organizations.
Before taking the course, participants need to have a solid background in ISO standards, something they can achieve with support from Cavendish Scott. For those who wish to take the IRCA exam and become IRCA registered auditors, IRCA requires knowledge of the following:
The Plan, Do, Check, Act, or PDCA, cycle
The core elements of a management system and the interrelationship among top management responsibility, policy, objectives, planning, implementation, measurement, review, and continuous improvement
The fundamental concepts and the seven quality management principles presented in ISO 9000
The relationship between quality management and customer satisfaction
Commonly used quality management terms and definitions, as defined in ISO 9000
Knowledge of the requirements of ISO 9001
Over the 40 hours of training in IRCA ISO 9001:2015, participants learn from experienced Cavendish Scott instructors who are working in the development, implementation, and auditing of quality management systems. The course includes exercises, group work, role-playing, and a live audit of a local company. Participants leave with all of the comprehensive course materials, including checklists, forms, and other tools.
What Cavendish Scott Seeks
From time to time, Cavendish Scott needs to expand its contingent of auditors, either by adding full-time employees who act as consultants and auditors or by hiring contract auditors for specific assignments.
Ideally, applicants for full-time positions have experience with ISO9001, ISO 13485, ISO 14001, and other standards, as well as experience in auditing. Whether applicants have gaps in experience or not, all new hires receive training and support as needed so they can conduct audits with colleagues and on their own. Full-time applicants also need to have a base in Colorado and the ability to travel extensively, usually five to ten days a month within the U.S,
Cavendish Scott contract auditors are reliable, trustworthy professionals and they usually have auditing, but not consulting, clients with whom they’re already working. Contractors are often required to travel and they are sometimes able to transition into full-time positions with Cavendish Scott.
Openings are posted as they become available on our employment page . Applicants should submit emails of about 10 lines or 300 words expressing their interest and telling briefly about themselves and their qualifications. While technical requirements are important, Cavendish Scott is most interested in personality and overall ability.
Considerations Around Lead Auditing For Certifying Organizations
Requirements for lead auditors are somewhat vague, but registrars generally prefer that the people they hire as with contractors or full-time auditors are certified either by IRCA or the Registrar Accreditation Board and Quality Society of Australasia. Additional qualifications may also be valuable, as explained in our FAQs How Do I Become an Auditor .
Those who seek to work full-time as lead auditors for certifying agencies often find the work is scarce, poorly paid, disrespected and grueling. Most who complete lead auditor training add the qualification of lead auditor to their resumes and employers understand the value that reflects.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards. Additional information is available at cavendishscott.com.
Auditor Opportunities
Seeking an opportunity to become a Lead ISO Auditor? Explore the options with Cavendish Scott by clicking below to review our current openings.
Review Open Positions
March 9th, 2020
One of the most important decisions organizations face when planning their annual internal audits is whether to perform the function in-house or call in professionals. Without question, Cavendish Scott recommends professional, full-time auditors.
Pros Bring Depth of knowledge
All Cavendish Scott auditors take the 40-hour IRCA-accredited ISO 9001:2015 lead auditor class and pass the IRCA exam. But that’s only the beginning. The most experienced Cavendish Scott auditors spend significant amounts of time mentoring and training each new auditor.
Advantages Of A Pro Audit
Advantages of Cavendish Scott audits include the following.
Breadth of experience : Other responsibilities often leave in-house auditors with little time for audits. On the other hand, each Cavendish Scott auditor is involved in approximately 50 to 70 audits a year, working with organizations of various sizes and in a range of industry sectors. The exchange of knowledge and understanding that comes from working in teams further extends the breadth of experience they bring to audits.
Outside perspective : Whether it’s a process or a material object, something that’s been around for a while can be taken for granted. In a typical example of an internal audit performed by Cavendish Scott, there was a hodge-podge of uncontrolled documents on walls and machines. They were so much a usual part of the environment that personnel no longer noticed them. When the auditors arrived they were immediately drawn to the discordant display.
Inside neutrality: Internal auditors have a position within the hierarchy of their organizations. Especially when changes are in order, it’s difficult for personnel to audit leadership and management even though that’s part of a full-system audit. Cavendish Scott auditors are always willing to speak truth to power when reporting to organizational leadership.
Lack of disruption: Because an internal audit by Cavendish Scott requires minimal time from a client’s staff, disruption of usual operations is also minimal. Whenever possible, Cavendish Scott conducts simultaneous audits for organizations that are certified in multiple standards. When needed, several personnel are assigned to an audit, expediting its completion.
Ongoing support : Cavendish Scott auditors are full-time employees, not subcontractors. Because they work in teams, clients can always reach someone to help with their concerns, even if their primary consultant isn’t available. Besides being available for the duration of an audit, Cavendish Scott auditors are available for additional support as needed.
Sound Advice on Corrective Action: Cavendish Scott auditors provide coaching and teaching while auditing. They identify improvement opportunities and best practices and address issues and problems that go beyond minimum requirements. In one case an auditor noticed that the terms and conditions a client had issued contained a serious penalty for not meeting an on-time delivery. By pointing this out, the auditor saved the grateful owner from potentially thousands of dollars in penalties.
Readiness for other audits: In most sectors, certification is voluntary, but maintaining certification for any organization requires at least two kinds of audits. In addition to internal audits, external or registration audits are required for all and second-party audits are required for some standards. When followed, the advice offered by Cavendish Scott auditors positions clients well for good outcomes on other audits.
Pro Audits Mean Quality Management
Cavendish Scott has sometimes performed internal audits for a few years for clients who then decide to perform the function in-house. Then something happens. They don’t get the internal audits completed or they soft-pedal the audit, maybe because they don’t report findings or they don’t know what to look for. When the registrar comes in for their annual audit, major nonconformities are identified, jeopardizing certification and possibly leading to a panicked phone call to Cavendish Scott.
Cavendish Scott finds that a proactive plan that includes professional internal audits provides valuable protection for clients’ investment in ISO certification and is an essential element of a quality management system.
ISO 9001: Setting the standard for quality
ISO 9001 is applicable for organizations of all sectors, sizes, and types. With the latest updates in 2015, it is now even more generalized for all enterprises; large and small. Get started today!
Learn More