Posts Tagged ‘quality management system’
ISO 9001 Internal Auditing What, When, How?
Most companies understand the idea of auditing but not the concept of “Process Auditing” as expected to be compliant within both ISO 9001 and their own quality management system. Even companies that are currently registered to the standard may not have a thorough means for evaluating its processes through their internal audit program. Which processes are expected to be audited under ISO 9001?
The ISO 9001:2008 standard is quite vague as to what should to be audited or even how often these processes should be reviewed. The standard indicates that audits be carried out at planned intervals to determine whether the quality management system conforms to the planned arrangements, to the requirements of the standard and the organizations own quality management system requirements. So what is an appropriate interval for your company? Ask yourself,” What is the worst that can happen and where could it happen”? Where are we having the most problems now? Look at your interrelationship of processes and pinpoint the likely areas that have the most chance of resulting in non-conformance. Conduct a risk assessment to determine where the highest risks are, and which risks may produce the most significant impact on your product performance (Status and importance of the processes). Now audit these processes, interview staff, observe activities and view relevant records then determine if there are weaknesses and assign corrective actions. Go back to these areas after the corrective actions are put in place and determine if the actions have accomplished the desired effect. If the actions are effective, close out the audit and move on to the next process.
Don’t audit a process for the sake of having an audit record to show an auditor. If a process is functioning properly it does not need to be audited once a year. Nowhere in the ISO 9001 standard does it say you have to audit all of your processes once a year. You are in the driver seat, and you will determine what, when, and how you will audit your system.
ISO 9001 Is It Just Another Expense?
When I hear a manager say ISO 9001 is just another expense, I immediately know that this organization doesn’t have a clue what ISO 9001 is. Lip service is just that, if you put nothing into your quality management system, you will get exactly nothing in return. ISO 9001 is a quality standard which aims to guide an organization to understand its own business better so that it can meet or exceed its customer needs. By implementing a “successful” quality system the organization will see tangible improvements that lead to reduced costs and increases in market share.
How does this happen, the reduced costs and increased market share? Well if you think just because you plop a system in, you will instantly see the money, think again. This is a process, a process that develops and matures over time which is spurred on by increased awareness and understanding throughout the organization. As you learn more about your internal processes and link them to your customer needs, you will begin to reap the rewords of your efforts.
So get serious about your companies goals and how you will achieve them, (plan) your processes, work your system (Do), (Check) your progress toward achieving your objectives, and make the necessary changes along the way to keep on track (Act). If you are like so many other companies out there, you could use a little help getting started. There are plenty of quality consultants and classes that can do just that. But once you finally “GET IT; your system should become an effortless process that runs like a Swiss watch. This process should not add work or drain resources; rather it should run itself because it is how you do business every day.
Don’t get involved in ISO 9001 with the belief that it is just another expense. Make the process pay for itself by understanding, believing and promoting, and driving your goals and expectations to completion. Lead and you will succeed, or don’t and throw your money and future expectations away. One thing is for sure at the end of the day, if you don’t put your best foot forward, somebody else will.
ISO 9001: Management Review What’s It All About?
Section 5.6 if the ISO 9001:2008 standard requires that top management reviews the organizations quality management system in order to determine its continued suitability, adequacy and effectiveness. There are many ways to satisfy this requirement. Many companies miss interpret this passage to mean they must have a meeting specifically to satisfy this section of the standard. Some companies even go so far as to impose mandatory monthly meeting for this purpose. The standard does not say anything about a meeting, it says you must review the inputs and out puts of your processes at planned intervals.
You must decide how often it is necessary to carry out the review of the required inputs and outputs and how you will review them. You can have several meeting during a given time period during which you address one or more of the requirement at each meeting, (production meetings, customer service sales meetings, quality MRB meetings, annual state of the business meetings, safety meetings, etc). You may decide that top management can satisfy this requirement by individually reviewing the inputs and outputs of the QMS electronically and communicating the results to the organization through action plans to individual departments, group meetings, or supervisor dissemination to the work force. You may decide to go the traditional route and have scheduled management review meetings quarterly or yearly.
The key here is you must decide how and when, and then you must make sure this plan is carried out. When deciding, keep in mind the purpose of this exercise is continual improvement. Don’t invent an elaborate review process that does not add value, make it work for you.
Calibration, What’s Missing from Your System?
Quality management system standards homogeneously have requirements for controlling the devices used to measure, verify, test, and accept product and monitor the processes used to achieve specified results. As a third party auditor it has come to my attention that everyone seems to miss something. It’s almost unavoidable. Perchance it’s because this process is by and large referred to as “calibration” and the rational image it invokes is associated primarily with things like micrometers, depth gages, and comparators. The process is often much more complex, addressing apt consideration for gages, thermostats, software, jigs, timers, known-good-samples – a multiple of devices for measuring product or process. Controlling monitoring and measuring devices must, therefore, include multiple aspects.
Some areas which you should consider when setting up your system should included:
*Identifying which devices need to be calibrated and which do not (you decide based on your quality criteria and your customer requirements).
* Defining the frequencies needed to insure calibration is well controlled
* Indicating the status of equipment; calibrated or out of calibration
* Determining alternate methods of “control”
* Determining what to include in the procedure
* How will you handle certificates of calibration
* Will you use outsourced calibration services and how will you control this if you do
* Defining storage and preservation criteria in your process
* Defining recall programs and contingency plans
ISO 9001 Internal Auditing Success
The third party auditor will audit your system once or twice a year, so why do you have to conduct internal audits? The first and most obvious reason is, if you wait for the third party auditor to tell you your system is in trouble, you are missing the point of continuous improvement all together. The second reason is that the third party registrar does not consider the surveillance audit as an internal audit. The standard requires that “you” perform planned internal audits of your system based on status and importance of the processes and areas to be audited. If you do not know whether or not your quality management system conforms to your planned arrangements, or the standard, then how can you determine if you are improving? The ISO 9001 standard is based on the Plan, Do, Check, Act principle of continuous improvement. Internal Auditing is the “Check”, and without it you may never know when to act.
The internal audit process need not be a time consuming; there are many ways an internal audit can be accomplished. Every day we conduct countless audits without even knowing it. A manager who walks the plant floor may notice a process which is not working as intended, a worker may notice that the forms he, or she is using are outdated , receiving may find that the same supplier never send the correct paperwork with the products they provide; these are audits that never get documented. These audits are not planned, but they are audits none the less. The planned audits do not have to include all of the processes in your facility once a year, remember “Status and importance”. Go after the low hanging fruit first, (areas where you are having issues), then review the other areas as needed. Whatever you do, DO SOMETHING, or your entire quality system will fail to accomplish the goals and objectives you have set for your organization. My philosophy is simple, if you are going to invest the time and money to become certified, get the full value of certification or you will be wasting your resources for nothing.
ISO 9001 Paper or Software?
When setting up your quality management system it is important to understand your options and their advantages and disadvantages. I have been involved with developing and implementing ISO 9001 and AS 9100 quality management systems both through a manual paper system and an automated software system. Each option has very distinct advantages and disadvantages which can help you determine which way your organization should go.
Option # 1 the paper system. This system is best implemented in a small to mid size organization where control is easily maintained. A paper system can get extremely convoluted in larger companies, which can result in inadequate control and subsequent non-conformances during a third party audit. The key to implementing a successful paper quality management system is to keep it simple and manageable. If your system requires excessive maintenance it will become a burden which may result in the failure of the system to yield the continual improvement objectives that it was set up to achieve.
Option # 2 the software approach. This system is advantages in both small and large companies and offers the added advantage of organization and control for your entire quality management system. By setting up your system digitally you can automatically control revisions and distribution of your documentation. You will also be able to communicate non-conformances, progress towards objectives, internal audits, calibration control, preventive actions, and supplier control and customer satisfaction. Your only real limitation with this system is the level of access your organization is capable of providing. If the rank and file is unable to access the system it does you little good. The best digital systems are internet based SaaS systems which offer access anywhere, anytime to internal and external users such as customers and suppliers.
ISO 9001 Lesson Learned
ISO 9001:2008 is the foundation of many of the quality management standards now available to organizations worldwide to help organize and maintain product and service integrity. The standard in and of itself, does not tell you “HOW “ to do anything but rather it tells you what quality programs and processes you need to establish to meet the requirements of the standard. For example: The standard has numerous passages which state the organization “SHALL” develop and implement something to comply with the standard. The organization “SHALL”:
- determine the processes needed for the quality management system and their application throughout the organization.
- determine the sequence and interaction of these processes.
- determine criteria and methods needed to ensure that both the operation and control of these processes are effective.
The quality management system documentation “SHALL” include:
- documented statements of a quality policy and quality objectives
- a quality manual
- documented procedures and records required by this International Standard
- documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
As you can see, nowhere in these requirements does the standard tell you exactly how to carry this out. Where many companies fall short when trying to interpret the actual intent of these requirements, is the planning process. How much documentation is enough and how will we satisfy these requirements so that what we say we do is actually what we do. A lot of the confusion comes from not understanding the standard, and then ultimately doing too much or too little. Most of the non-conformances that the third party auditor will eventually find, (90%), are written against the self imposed requirements of an organization, not against the standard itself. For example: Some companies buy document templates and insert their name here and there, but never modify the documents to meet their individual process needs. Every company is different, so you cannot buy a caned quality system without modifying it to your particular needs.
Get educated to the standard and or hire a business management consultant that can guide you through the process. ISO 9001 as well as most of the other standards out there does not have to complicated or overly time consuming. Get the most out of your system, and avoid the pit falls generated by lack of understanding.
ISO 9001 Follow-up For Effectiveness
The ISO 9001:2008 stand requires follow-up for effectiveness when corrective or preventive actions have taken place. Many companies do a great job of identifying corrective and preventive actions, some even excel at following through and completing these actions. But where most organizations fall short, is following up to see if what they have enacted, actually had the desired affect and corrected or prevented something from happening again or in the future.
Some organizations do follow-up for effectiveness, but never take the time to record the results of this activity. There are several areas in the ISO 9001:2008 which actually require follow-up actives take place:
1. Section 8.2.2 Internal Audit states 
follow-up actives shall include the verification of actions and the reporting of verification results.
2. Section 8.5.2 Corrective Action states that a documented procedure shall be established to define requirements for reviewing the effectiveness of the corrective actions taken, and records of the results of actions taken.
3. Section 8.5.3 Preventive Action states that a documented procedure shall be established to define the requirements for reviewing the effectiveness of the preventive actions taken, and records of the results of actions taken.
If you are certified to ISO 9001 or some other quality management system, my question to you is this; Why wouldn’t you want to know if the time and energy you put into implementing a corrective or preventive action actual paid off? If you are going to invest the time and money to have a quality management system which is certified to a standard, shouldn’t you get something out of it? Without the data to support your decisions, aren’t you just spinning your wheels?
Supply Chain Surveillance (Auditing Your Suppliers For Sustained Success)
Supplier auditing or supply chain surveillance is most effective and worthwhile for both organizations when approached through a shared partnership style. Traditional audits that “uncover” problems, inconsistencies and non-compliances then issuing corrective actions and/or penalties are costly, ineffective and outdated. The most effective surveillance systems will contain many business and quality management assessment elements including:
• Design management
• Reduced lead time initiatives
• Supply chain key measurable such as:
- Product and service delivery
- Product and service quality
- Corrective and preventive action reporting and resolution
• Financial strength
• Continuous Improvement
• Supplier chain management
• Price reduction initiatives
• Value-added project management
The goals of the surveillance process are to keep both organizations focused on sustained success, review additional opportunities and build the relationship. When done well, there should be no bombshells going off which could affect the overall success of both business entities. When the relationship adds value to both companies, then it should be developed. If this is not the case, and there remains adequate trust between the business partners, corrective actions can be made, or a beneficial exit plan devised. Business relationships are ever changing; as the business climate changes, supply chain relationships also will change. Supplier surveillance is an effective approach to managing these changes before they become problems.
ISO 9001 Management Rep, Who Me?
Has this just happened to you? You walk into a staff meeting and it is announced that the company has decided to implement a quality management system and you will be the proud own of this system. Does a deer in the headlights come to mind as you struggle to catch your breath. How will I ever be able to run this program and do my real job too? I have little to no experience with ISO 9001 and I don’t have the foggiest idea of how to begin, Help!
Stop panicking and Liston up. ISO 9001:2008 is the newest version of the popular international standard that many manufacturing and service industries subscribe to. Some of the requirements in ISO 9001:2008 include:
- a set of procedures that cover all key processes in the business;
- monitoring processes to ensure they are effective;
- keeping adequate records;
- checking output for defects, with appropriate and corrective action where necessary;
- regularly reviewing individual processes and the quality system itself for effectiveness; and
- facilitating continual improvement
Take a lead auditor course, or hire a professional quality management consultant to help you implement your quality system. Depending on the size and complexity of your organization and its processes, you can find a competent consultant that can help you document your system, train your employees to the system and facilitate your management reviews and internal audits.
If you opt to go it alone, the best advise, get educated to the ISO 9001 standard. Some companies use templates to document their system. This can be a great time saver if done properly. The key with using templates is to make sure you customize them to your individual processes. Another option is software applications that help organize and manage your new system. One in particular that I have found helpful is CIS Software. This software application is an on line SaaS system which includes all of the required criteria of the ISO 9001 standard.
What ever you do, “KEEP IT SIMPLE”. Do not invent processes and producers that you will never use, these will be the land mines that will sabotage your certification efforts.