Archive for the ‘Business Management System Tools For Today’ Category
ISO 9001: Determine the necessary competence for personnel performing work affecting conformity to product requirements (Section 6.2.2 a)
There are two excellent reasons to train employees to your quality management system and your processes:
• Every employee can have potential impacts on the QMS; and
• It is a requirement of ISO 9001:2008 and virtually any well functioning quality system
Each person and function within your facility plays a critical role in the quality management system. For this reason, your training program should cast a wide net. Every employee and manager should be aware of the quality policy; the significant impacts of their work activities, key quality roles and responsibilities, procedures that apply to their work, and the importance of conformance with ISO 9001 requirements. Employees should understand the potential consequences of not following the requirements of the QMS (such as poor product performance, reduced customer satisfaction, and loss of business).
All personnel should receive appropriate training and support to be competent at their work.
Training should be tailored to the different needs of various levels or functions in the facility. However, training is just one element of establishing competence, which is typically based on a combination of education, training, and experience. You should establish criteria to measure the competence of individuals performing tasks that can impact on the quality of your products.
Training is needed both in technical work and for general awareness on the part of all employees
To define requirements for each job position questions to ask:
- “What job-specific knowledge area(s) must be well understood by someone in this job?”
- “What manual, mental or interpersonal skills must an employee have to do this job well?”
- “What natural abilities or talents must someone possess to be effective in this job?”
The result from this exercise is a list of competencies for the job that can be used for hiring purposes and subsequent training and development plans. Once the list is prioritized to include only the most critical competencies, you will need to document them in some appropriate manner (job descriptions, training matrix, or other means).
How Do You Define ‘Risk’?
Risk may be defined in terms of exposure to a hazard (an incident), likelihood of an incident occurring, and the consequences of the incident. It should be pointed out that the ‘outrage factor’ must be considered as part of the consequences of an incident. Public opinion of an organization can be greatly affected by the way it manages its risk,( especially in the area of Occupational Health & Safety). The outrage factor can greatly magnify risk.
Generally we cannot predict the consequences of an incident, so it is difficult to rate risks in order of importance, to provide a basis for distribution of resources to control risk. We can however, assess the likelihood of an incident by using statistics to measure probability in many cases.
In practice it is usually enough to identify hazards and take appropriate action to minimize the associated risk, based on reasonable expectation of the outcomes of exposure.
The term ‘safe’ is used to denote a situation or condition where there is minimal acceptable risk, i.e. where the risk is tolerable to stakeholders.
When determining what is acceptable risk, it is important to remember the ISO risk management principles:
- Risk management should create value
- Risk management should be an integral part of organizational processes
- Risk management should be part of decision making
- Risk management should explicitly address uncertainty
- Risk management should be systematic and structured
- Risk management should be based on the best available information
- Risk management should be tailored
- Risk management should take into account human factors
- Risk management should be transparent and inclusive
- Risk management should be dynamic, iterative and responsive to change
- Risk Management should be capable of continual improvement and enhancement
ISO 9001/AS9100, Why Do I Have To Conduct A Management Review?
Just as a person should have periodic physical exams, your QMS must be reviewed periodically to stay “healthy.” Management reviews are critical to continual improvement and ensure that the quality management system will continue to meet your facility’s needs over time.
The ISO 9001 standard states, the purpose of a management review is to review the Quality Management System to ensure its continuing adequacy, suitability and effectiveness. This should include an evaluation of the performance of the system based on existing data (review inputs), and should also address any decisions or actions necessary to improve the management system and its related processes (review outputs).
To make your reviews meaningful, such reviews should be performed at least annually, although they may be performed on a more frequent basis, including quarterly or even monthly. The frequency of these reviews is your choice, but I personally recommend that organizations with “newer” systems perform this function on a more frequent basis, at least for the first 18-24 months.
Records of these reviews should be maintained in accordance with your documented control of record procedures. These records should include, the date of the review, participants in the review, criteria by which the system is measured, (Inputs), strengths and weaknesses of the system, and any decisions or actions that are required (Outputs). Such inputs should include, but are not limited to the following:
- Results of Internal Audits
- Customer feedback, both positive and negative
- Process performance and product conformity
- Status of corrective and preventive actions (Are they closed and are the actions taken effective)
- Follow-up of actions from previous management reviews (Are actions being completed?)
- Any changes that could affect the quality system (Personnel, facility, regulations, business direction etc.)
- Recommendations for improvement
Outputs from this review should include and decisions or actions related to the following:
- Improvement of the effectiveness of the QMS and its processes
- Improvement related to customer requirements
- Resource needs to support the QMS.
Calibration, What’s Missing from Your System?
Quality management system standards homogeneously have requirements for controlling the devices used to measure, verify, test, and accept product and monitor the processes used to achieve specified results. As a third party auditor it has come to my attention that everyone seems to miss something. It’s almost unavoidable. Perchance it’s because this process is by and large referred to as “calibration” and the rational image it invokes is associated primarily with things like micrometers, depth gages, and comparators. The process is often much more complex, addressing apt consideration for gages, thermostats, software, jigs, timers, known-good-samples – a multiple of devices for measuring product or process. Controlling monitoring and measuring devices must, therefore, include multiple aspects.
Some areas which you should consider when setting up your system should included:
*Identifying which devices need to be calibrated and which do not (you decide based on your quality criteria and your customer requirements).
* Defining the frequencies needed to insure calibration is well controlled
* Indicating the status of equipment; calibrated or out of calibration
* Determining alternate methods of “control”
* Determining what to include in the procedure
* How will you handle certificates of calibration
* Will you use outsourced calibration services and how will you control this if you do
* Defining storage and preservation criteria in your process
* Defining recall programs and contingency plans
ISO 9001 Lesson Learned
ISO 9001:2008 is the foundation of many of the quality management standards now available to organizations worldwide to help organize and maintain product and service integrity. The standard in and of itself, does not tell you “HOW “ to do anything but rather it tells you what quality programs and processes you need to establish to meet the requirements of the standard. For example: The standard has numerous passages which state the organization “SHALL” develop and implement something to comply with the standard. The organization “SHALL”:
- determine the processes needed for the quality management system and their application throughout the organization.
- determine the sequence and interaction of these processes.
- determine criteria and methods needed to ensure that both the operation and control of these processes are effective.
The quality management system documentation “SHALL” include:
- documented statements of a quality policy and quality objectives
- a quality manual
- documented procedures and records required by this International Standard
- documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
As you can see, nowhere in these requirements does the standard tell you exactly how to carry this out. Where many companies fall short when trying to interpret the actual intent of these requirements, is the planning process. How much documentation is enough and how will we satisfy these requirements so that what we say we do is actually what we do. A lot of the confusion comes from not understanding the standard, and then ultimately doing too much or too little. Most of the non-conformances that the third party auditor will eventually find, (90%), are written against the self imposed requirements of an organization, not against the standard itself. For example: Some companies buy document templates and insert their name here and there, but never modify the documents to meet their individual process needs. Every company is different, so you cannot buy a caned quality system without modifying it to your particular needs.
Get educated to the standard and or hire a business management consultant that can guide you through the process. ISO 9001 as well as most of the other standards out there does not have to complicated or overly time consuming. Get the most out of your system, and avoid the pit falls generated by lack of understanding.
ISO 9001 Follow-up For Effectiveness
The ISO 9001:2008 stand requires follow-up for effectiveness when corrective or preventive actions have taken place. Many companies do a great job of identifying corrective and preventive actions, some even excel at following through and completing these actions. But where most organizations fall short, is following up to see if what they have enacted, actually had the desired affect and corrected or prevented something from happening again or in the future.
Some organizations do follow-up for effectiveness, but never take the time to record the results of this activity. There are several areas in the ISO 9001:2008 which actually require follow-up actives take place:
1. Section 8.2.2 Internal Audit states 
follow-up actives shall include the verification of actions and the reporting of verification results.
2. Section 8.5.2 Corrective Action states that a documented procedure shall be established to define requirements for reviewing the effectiveness of the corrective actions taken, and records of the results of actions taken.
3. Section 8.5.3 Preventive Action states that a documented procedure shall be established to define the requirements for reviewing the effectiveness of the preventive actions taken, and records of the results of actions taken.
If you are certified to ISO 9001 or some other quality management system, my question to you is this; Why wouldn’t you want to know if the time and energy you put into implementing a corrective or preventive action actual paid off? If you are going to invest the time and money to have a quality management system which is certified to a standard, shouldn’t you get something out of it? Without the data to support your decisions, aren’t you just spinning your wheels?
Supply Chain Surveillance (Auditing Your Suppliers For Sustained Success)
Supplier auditing or supply chain surveillance is most effective and worthwhile for both organizations when approached through a shared partnership style. Traditional audits that “uncover” problems, inconsistencies and non-compliances then issuing corrective actions and/or penalties are costly, ineffective and outdated. The most effective surveillance systems will contain many business and quality management assessment elements including:
• Design management
• Reduced lead time initiatives
• Supply chain key measurable such as:
- Product and service delivery
- Product and service quality
- Corrective and preventive action reporting and resolution
• Financial strength
• Continuous Improvement
• Supplier chain management
• Price reduction initiatives
• Value-added project management
The goals of the surveillance process are to keep both organizations focused on sustained success, review additional opportunities and build the relationship. When done well, there should be no bombshells going off which could affect the overall success of both business entities. When the relationship adds value to both companies, then it should be developed. If this is not the case, and there remains adequate trust between the business partners, corrective actions can be made, or a beneficial exit plan devised. Business relationships are ever changing; as the business climate changes, supply chain relationships also will change. Supplier surveillance is an effective approach to managing these changes before they become problems.
My Customer Wants Us Certified to AS9100, HELP!
You are a small business owner who has just been told you must become certified to AS9100 in order to continue to receive business from your largest customer. You have been putting this off for some time, hoping you would be able to wait until the economy gets better. Now what, you have a deadline and you haven’t got a clue how to get there from here? The best advice, find a competent consultant and get some training to the standard.
Those organizations who recruit good consultants get the job done roughly twice as fast. By helping you avoid mistakes, a good consultant can help you get the job done faster. But only a good consultant can do this. Not all consultants are created equally, and it is important to select a consultant that is right for you. A reputable consultant works hard to ensure that you fully own your quality management system at the time of registration. Key services you will require, if you have no idea what you are doing or how you will do it are as follows:
1. Required documentation development and implementation
2. Training: Quality policy and objectives, Management review, Corrective and Preventive action, Internal auditing, AS9100 Overview, Risk analysis, Overview of the Complete QMS, Collecting and analyzing data.
3. If software is being used to facilitate and run your quality system, you will also need training and implementation services for this.
4. Implementation of a competency, awareness and training program, internal audit, corrective and preventive action programs, management review and overall continual improvement programs.
5. Conduct internal audits for entire system (all processes), one high level internal audit to the AS9101C checklist in preparation for registration audit.
This is just a short list of services that you may need to accomplish your goal of certification to AS9100. Depending on the size and complexity of your organization and processes more may be needed. A good consultant can help you determine your individual needs.
Root Cause Analysis and Continual Improvement
Root cause analysis is a class of problem solving methods aimed at identifying the root causes of problems or events. The practice of root cause analysis is based on the belief that problems are best solved by attempting to correct or eliminate root causes, as opposed to merely addressing the immediately obvious symptoms. By directing corrective measures at root causes, it is hoped that the likelihood of problem recurrence will be minimized. However, it is recognized that complete prevention of recurrence by a single action is not always possible. Thus, root cause analysis is often considered to be a repetitive process, and is frequently viewed as a tool of continuous improvement.
Root cause analysis, initially is a reactive method of problem detection and solving. This means that the analysis is done after an event has occurred. By gaining expertise in root cause analysis it becomes a pro-active method. This means that root cause analysis is able to forecast the possibility of an event even before it could occur.
A well implemented quality management system will include training and understanding of how root cause analysis tools and techniques can be used to promote continuous improvement.
Sustained Success, What Does It Take?
The new version of ISO 9004 is based on the principle that satisfying customers may bring success, but to sustain success organizations need to go the extra mile and satisfy the needs and expectations of all interested parties. It is an attempt at relating quality management principles to the quest for sustained success in an organization, but it does not add anything new by way of management principles. It is portentous that sustained success can be achieved by clever application of the eight quality management principles through a system of practically managed processes that:
- Continually monitor and analyze the organization’s environment
- Define the needs and expectations of interested parties
- Create and maintain a mission, a vision and values consistent with the needs and expectations of interested parties
- Clearly specify, implement and communicate a strategy and policies for fulfilling the mission and vision which supports the values
- Identify, provide and manage the internal and external resources needed for the achievement of the objectives in the short and long term
- Provide products that will continue to meet the needs and expectations of customers and other interested parties, on an ongoing basis.
- Regularly monitor, measure, analyze and review the performance of the organization