Wednesday, March 03, 2010

Are you not getting a ROI from your ISO system? NEW: The Management Review Dashboard!

Do you feel like you need to revitalize your management review meetings?
Do you have ineffective ISO management review meetings?
Is your ISO system stuck in a rut?
Do you realize all of the improvement that your ISO system is capable of providing?
Are your management review meetings a long, drawn out, waste of time?
Are you meeting your quality objectives? Do you even know how those objectives are trending month-to-month?
Does your management team tend to “kill the messenger” during management review meetings?
Are there issues in the company you just can’t seem to get a handle on?
As the quality manager, do you feel like you are the police and you are just heaping out bad news?
Do you even know if you are on the right track?

Finally a simple tool to help pull everything together…

The Management Review Meeting Dashboard

This automated, data driven tool, plus the shortened and formal ISO MR Meeting Agenda and the MR Meeting Tips for Success Guide, will put the train back on the tracks and stabilize your ISO system improvement metrics and audit results communication format.

What you get and why:

First, the ISO MR Meeting Agenda…if you are going to revitalize how your company runs its management review meetings with a new tool, then its best to not use the same old agenda.

Second, the MR Meeting Tips for Success Guide…this guide gives you an interpretation of the standards reasoning behind management review meetings, tips for MR meeting success and lays out common pitfalls to avoid. The guide was written by a member of The US TAG to ISO/TC 176 and the ISO 9001 Interpretations committee.

Last, the Management Review Dashboard…this easy to use application built with Microsoft Excel helps drive continual improvement and provides a window into your business metrics. The ability to see how your business is performing by using a dashboard will allow you to focus in on the areas necessary for improvement and will prevent you from wasting time in areas that are non-value added and that become time wasters.

View a video demo of the Management Review Dashboard here: (be sure to go to full screen mode upon the start so you can see the detail of the excel cells)


These three items are applicable to any business and any ISO standard. Even companies who are not registered to an ISO standard can use this tool to drive improvement and see their internal business trends.

The Management Review Dashboard, Agenda and Guide are $599.00.

Copy and paste the following link into your browser to order: http://www.shareit.com/product.html?productid=300378252

Labels: , , , , ,

Tuesday, March 24, 2009

ISO 9001:2008, Process Auditing, and ISO/TS 16949:2009 Webinars

I wanted to let you know about our upcoming webinars and training. IQC has recently published our webinar and training schedule for the remainder of 2009.

The next four webinars are:
-Transitioning to ISO 9001:2008, March 25
-Internal Auditing: Using the Process Methodology, March 26
-ISO/TS 16949:2009, what’s next in 2009, April 8
-AS9100C, the revision and new requirements, April 22

The price for each webinar is $139.00 per log in and every webinar is held from 1:30 PM EST/EDT to 3:00 PM EST/EDT. A Q&A session will follow each webinar. Please CLICK HERE to sign up.

Webinars are a cost effective way to attend an overview of a specific subject and ask questions from a subject matter expert. IQC will provide the presentation slides to all attendees.
Our next public training event in Dayton, Ohio is:
-ISO Internal Auditing, April 20-21, 2009 from 8:30 to 5:00 each day, Please CLICK HERE to sign up.

Have you lost internal auditors due to layoffs? Are you behind on your internal audits? IQC is here to help with our cost effective Outsourced Internal Auditing program.

Or if you need to implement a QMS or EMS to gain market share and improve quality in this tough economy, please contact me for a no pressure overview of our services.

Thank you and have a great day.

Labels: , , , , , ,

Update of the IATF Rules

Update of the IATF Rules.

What are the Implications for Organizations?

Surveillance audit frequency and planning: The 3rd edition formalizes the options for surveillance audit frequency, shown below:
6 monthly visits - 5 in 3 year cycle with a tolerance of -1 month/ +1 month
9 monthly visits - 3 in 3 year cycle with a tolerance of -2 months/ +1 month
12 monthly visits - 2 in 3 year cycle with a tolerance of -3 months/ +1 month

The frequency needs to be agreed between an organization and their certification body, and once agreed the frequency must then be fixed for the three year cycle (i.e. cannot change within the cycle) In the 2nd edition of the rules a lot of emphasis was placed on the auditor doing effective audit planning for the stage 2 audit. In rules 3rd edition a lot more emphasis is placed on planning surveillance and recertification audits. Prior to the audit, the auditor should request from the organization information to help in the planning of the audit. This should include details of any changes since the last visit (new customers, change in employee numbers etc), data related to performance against quality objectives, and customer satisfaction and complaint data. This will allow the auditor to prioritize areas to focus on during the audits, taking into account risk to the customer. For example, if an organization has three manufacturing processes, and data indicates that one process has more issues, the auditor should schedule time to investigate this, even if this process was not in the original audit plan. If the required information is not provided to the auditor by the organization, this could result in the certificate suspension process being instigated.

Auditor Rotation

Whereas Rules 2nd edition gave some flexibility on the requirement related to auditor rotation, the 3rd edition mandates that at the end of each three year audit cycle, a new auditor/auditors must be used for the next cycle. This has been reinforced to ensure continuing impartiality in the audit process, and ensure that auditors do not become "over familiar" with the organization being audited. Any deviation to this has to be agreed between the Certification Body and the relevant Oversight office.

Undertaking Audits

Rules 3rd edition does not identify any significant changes in the way an audit should be undertaken, and still mandates that auditors utilize the process approach to auditing. Further clarification is given regarding opportunities for improvement and is defined as:"An opportunity for improvement is a situation where the evidence presented indicates a requirement has been effectively implemented, but based on auditor experience and knowledge, additional effectiveness or robustness might be possible with a modified approach" There needs to be clear evidence recorded by the auditor that the situation in question meets the requirements of ISO/TS164949 (i.e. is not nonconforming). The auditor cannot recommend specific solutions as this may be seen as consulting. For the recertification audit, the 3rd edition of the Rules stress the auditor should look at the performance of the management system over the period of certification, and include the review of previous surveillance audit reports. Whereas surveillance audits would have sampled the processes of the management system, the recertification audit looks at:

The effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification

The demonstrated commitment from Top Management to maintain the effectiveness and improvement of the management system in order to enhance overall performance
Whether the operation of the certified management system contributes to the achievement of the client's policy and objectives

The effective interaction between all the processes defined in the quality management system and the overall effectiveness of the management system

Timing of the recertification audit is critical. It has to be timed in such a way that allows an organization to complete corrective action, to address any non-conformance found, prior to the expiration date of the certificate. The visit should be scheduled by the Certification Body three years from the date of the stage 2, or last recertification audit, +/- 3 months.

Transfer of Registration

The rules 3rd edition gives clear requirements in the event that an organization wants to transfer registration to another certification body. This includes:

The certification body shall ensure that clients applying for transfer have not transferred from another IATF recognized certification body within the previous three (3) year period

The new certification body shall be recognized by IATF, the existing certificate shall be valid, with all existing nonconformities considered to be 100% resolved

The client cannot be in any IATF OEM special status condition, or have their current ISO/TS 16949:2002 certification in suspension, cancelled or withdrawn status

The client shall provide the new certification body with the previous audit report and all findings issued by the existing certification body for the site and any remote support functions

The new certification body shall perform a review of the provided audit report and all findings

The new certification body shall perform a basic document review and a review of key indicators of quality management system performance

The new certification body should ensure the audit team members, if subcontracted, have not previously audited the client

The new certification body shall complete all transfer activities and a transfer audit including closure of any nonconformities and a certification decision prior to the next scheduled surveillance audit with the previous certification body or the expiration of the existing valid certificate

The new certification body shall conduct the transfer audit, which is equivalent in audit days to a recertification audit
Upon satisfying all the requirements for certification a certificate is issued by the new certification body and a new Three (3) year audit certification cycle begins

Conclusion

In summary most of the changes in the Rules affect the certification bodies, not directly an organization. However organizations should be familiar with the Rules and it is strongly recommended that certified organizations read a copy.

Labels: , , , ,

Monday, July 21, 2008

ISO 9001:2008 News

The new edition of ISO 9001 is being submitted for voting as a final draft international standard. Subject to formal approval by the ISO membership, the publication of the revised version is expected to be published this fall.

The proposed ISO 9001:2008 doesn’t introduce additional requirements compared to the last edition in 2000 and doesn’t change the intent of ISO 9001:2000.


The draft international standard was approved at the May 19–23, 2008, meeting of ISO technical committee ISO/TC 176—“Quality management and quality assurance,” held in Novi Sad, Serbia, and hosted by ISS, the Serbian national standards body. ISO 9001 will be circulated in July as a final draft, on which ISO’s national member bodies as a whole may vote.


ISO 9001 provides the requirements for a quality management system (QMS), which is a framework for an organization to control its processes to achieve objectives including customer satisfaction, regulatory compliance, and continual improvement. Organizations that implement the standard can choose to have their QMS independently certified as conforming to the requirements of ISO 9001, as a means of increasing the confidence of their business partners, customers, and regulators in their products and services.


Although certification isn’t compulsory, it’s estimated that more than one million ISO 9001 certificates have been issued to organizations in 170 countries. The new edition will not require any specific reassessment for certification.

ISO 9001:2008 will be the fourth edition of the standard, which was first published in 1987. The third edition, published in 2000, represented a thorough revision, including new requirements and a sharpened customer focus, reflecting developments in quality management and experience gained since the publication of the initial version.

ISO’s rules for the development of standards require their periodic review. Compared to the 2000 revision, ISO 9001:2008 represents fine-tuning, rather than a thorough overhaul. It introduces clarifications to the requirements existing in ISO 9001:2000, based on user experience over the last eight years, and changes that are intended to improve further compatibility with the ISO 14001:2004 standard for environmental management systems.

To accompany the publication of the new versions, ISO is now working on implementation guidance for ISO 9001:2008, a reference table comparing and contrasting ISO 9001:2000 and ISO 9001:2008 and answers to frequently asked questions. ISO is collaborating with the International Accreditation Forum (IAF) concerning accredited certification.

ISO 9001 is one of 17 standards (plus a corrigendum) developed by ISO/TC 176 on quality management supporting tools. These include ISO 9004:2000—“Quality management systems—Guidelines for performance improvements,” which is undergoing revision and expected to be published as a new edition in 2009.

Watch here for our Webinar on the FDIS coming September 10, 2008. www.4iqc.com

To purchase the IQC ISO 9001:2008 ebook use the following link: http://www.4iqc.com/Services/ISO9001_2008.htm

Labels: , , , ,

Tuesday, April 22, 2008

Quality Objectives are Business Objectives

Are you having a difficult time identifying quality objectives for your organization? Think about your business.

According to ISO 9000:2005, 3.2.5, a quality objective is something sought or aimed for, related to quality. ISO 9001:2000, 5.4.1, states your quality objectives must be measurable and consistent with the quality policy.

Clause 5.3 of ISO 9001:2000 says your quality policy is a framework for establishing quality objectives. It also says that the policy must include a commitment to 1) comply with requirements and 2) continually improve the effectiveness of the quality management system. Using the quality policy as a framework, you would have a quality objective to measure the degree to which requirements are being met, as well as, a quality objective that measures the results of the quality management system.

If your quality policy identifies other important areas, for example, product reliability, you would be expected to have another measurable target for product reliability. ISO 9001:2000, clause 8.2.1, says a required performance measure is for customer satisfaction.

Remember, goals are conditions to be achieved in the future. They should be defined consistent with your vision and mission. Goals are established to guide your decisions and actions. They don't change as much as objectives. Your objectives must involve measurable results to achieve your goals.

Objectives are focused on critical issues and milestones. They describe the activities and targets to achieve your goals. They even identify the dates for completing the activities. They are measurable in terms of being achieved, or not. For example, a general goal might be to reduce waste. The related, specific objective might be to reduce rework from 10% to 5% by the end of 2008.

Depending on your industry, you might consider quality objectives such as:

Scrap Rate = Product Rejects / Products Produced
Return Rate = Products Returned / Products Shipped
Complaint Rate = Received Complaints /Total Customers
Customer Satisfaction Index = (Questions x Ratings) /Surveys Returned
On-time Delivery = Deliveries by Due Date / Deliveries Scheduled
Design Stability = Change Requests / Product Releases
Service Quality = Defective Transactions / Total Transactions
Requirements Traceability = Traceable to Design / Total Requirements

Some of these metrics would be expressed over a period of time, e.g., complaints per customer per year. And, some values may be multiplied by 100 to give a percentage. Also, the objectives don't have to be variable measures. You could include installation of a new MRP System by the end of 2008 as an objective.

Be careful how you set these objectives and how you communicate them. You might find people actually manipulating processes to achieve the desired results, especially if the numbers are used to evaluate employee performance. When handled poorly, performance targets can result in internal competition and a lack of cooperation. In fact, a specific process objective can be optimized at the expense of overall system performance.

If a target is perceived as arbitrary, and set beyond the capability of the process, it may lead to employee frustration, reduced morale, and even lower performance. Individuals must feel they have some control over the outcome for an objective to actually promote improvement. The objectives should help monitor and control the processes, not the people.

Have a Business / Strategic Plan? These objectives should be based on comprehensive strategic planning. You should define measures to help identify needed process improvements and to grow your business.

Labels: , , , , ,

Monday, March 24, 2008

ISO 9001:2008 eBook / Presentation Available for download

Available for purchase is IQC's ISO 9001:2008 eBook discussing the revisions for the next version of ISO 9001 for $31.25 US.

The ISO 9001:2008 eBook was written by George Hummel, IQC's CEO, who is on the US TAG to ISO/TC 176, the US committee responsible for the revision and updating of the ISO 9000 family of standards.

To purchase this eBook, please go to:

http://stores.lulu.com/store.php?fAcctID=2046642

Thank you very much.

To listen to Mr. Hummel explain the changes, sign up for IQC's ISO 9001:2008 webinar:

http://www.4iqc.com/Services/ISO9001_2008.htm

Labels: , , ,

Why does confusion reign with records? A look at Records Management

ISO 9001:2000 addresses the control of records, but only includes three sentences of requirements:

1. Records must be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system.
2. Records must remain legible, readily identifiable and retrievable.
3. A documented procedure must be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.

If you want to know more about records management than included in ISO 9001:2000, you should look at
ISO 15489-1:2001, Information and Documentation - Records Management.

Records:
According to ISO 15489-1:2001, records are information created, received, and maintained as evidence in pursuance of legal obligations or in the transaction of business. Records contain information that is a valuable resource and an important business asset. A systematic approach to managing these records is essential to protect and preserve them as evidence of actions.

A records management system results in a source of information about business activities that support subsequent activities and business decisions, as well as, ensure accountability to present and future stakeholders.

Records Management:
ISO 15489-1 defines records management as the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.

Policy:
Organizations should define and document a policy for records management. The objective of the policy should be to create and manage authentic, reliable and usable records that are capable of supporting business functions and activities for as long as they are required.

Authenticity:
An authentic record is one that can be proven to 1) be what it claims to be, 2) be created or sent by the person purported to have created or sent it, and 3) be created or sent at the time indicated. To ensure the authenticity of records, an organization should implement and document policies and procedures that control the creation, receipt, transmission, maintenance, and disposition of records.

Record policies and procedures should ensure that record creators are identified and authorized, and that records are protected against unauthorized addition, deletion, alteration, use, and concealment.

Reliability:
A reliable record is one whose contents can be trusted as a full and accurate representation of the applicable transactions, activities, or facts. They can be depended upon during subsequent transactions or activities as being reliable. Records should be created at the time of the related transaction or incident, or soon afterwards, by individuals who have direct knowledge of the facts, or by instruments routinely used within the business to conduct the transaction.

The system that manages the records should be capable of continuous and regular operation in accordance with applicable procedures and provide ready access to all relevant records.

Integrity:
The integrity of a record refers to its being complete and unaltered. Records must be protected against unauthorized changes. Policies and procedures should specify what additions or annotations may be made to a record after it is created, under what circumstances they may be authorized, and who is authorized to make them. Any annotation, addition, or deletion of a record should be explicitly indicated and traceable.

The record system should include controls for access monitoring, user verification, authorized destruction, and security to prevent unauthorized access, destruction, alteration, or removal of records.

Usability:
A usable record is one that can be located, retrieved, presented, and interpreted. The record should be capable of being connected to the business activity or transaction that produced it.

While you will probably never have an audit of your QMS or EMS delving as deeply into Record Control as the above might indicate, I would suggest an Opportunity for Improvement based upon ISO 15489-1. Use the document to ensure that you have legal, secure and manageable records.

Labels: , ,

Wednesday, February 27, 2008

Application of Clause 7.3 - Design and Development

Application of Clause 7.3 - Design and Development

Ever since ISO 9001:2000 replaced the 1994 editions of ISO 9001, ISO 9002, and ISO 9003, it has been a struggle for companies to decide if their quality management system includes design and development. As a result, the International Accreditation Forum (IAF) issued the following guidance:

If an organization has responsibility for, and performs or outsources the design and development of products that are within the scope of its certification, then clause 7.3 of ISO 9001:2000 shall be included in the quality management system.

When assessing the validity of a request to exclude clause 7.3 from the system scope, the IAF points to the ISO 9000:2005 definition of design and development: a set of processes that transforms requirements into specified characteristics or into the specification of a product, process, or system.

If an organization is not provided with the product characteristics needed to plan its product realization processes and has to define those characteristics based on customer (or regulatory) requirements, then this is, by definition, design and development.


An organization may have the responsibility and authority to make changes to the product specification or to the product characteristics, even though it was not responsible for the original design and development process. In this situation, some requirements of clause 7.3 may not be applicable, but clause 7.3 cannot be excluded in its entirety.

An organization may not be responsible for the design and development of all the products within the scope of the quality management system. Clause 4.1 applies if an organization chooses to outsource the design and development process.


Although design and development has traditionally focused on tangible products, it is equally applicable when the product of an organization is a "service".

Labels: , ,

Monday, February 11, 2008

Management Commitment

During a discussion in a recent management review, a CEO asked me for some guidance on ways to demonstrate “management commitment” beyond what is written in the standard (ISO 9001:2000, 5.1). I’d like to share what I discussed with the CEO:

1. First, be a “learner.” Determine your customer needs and expectations. Set the tone by constantly seeking out what is important to the customer.
2. Then, “imagine.” Envision the policy and objectives to meet those customer needs and expectations and achieve your vision.
3. You must be a “planner.” Formulate your strategy to achieve those objectives and manage change along the way.
4. “Share” – communicate the direction! Share your values regarding quality. Provide people with the information they need to do their jobs.
5. A CEO should be a “trainer” to ensure that people have the necessary competencies to operate the quality system effectively and efficiently.
6. “Manage” by adopting the process approach to see that system processes are working together to meet the objectives.
7. Be more than a manager, be a “leader.” Direct the organization by personal example, establishing unity of purpose and trust.
8. Build trust by “support.” Create an environment that encourages people’s involvement. Give them support by providing the necessary resources.
9. “Delegate” responsibilities and provide authority. Then hold people accountable.
10. “Participate” in implementing and maintaining the quality system. That way, there is a clear signal about what’s important.
11. Get out of your office and “observe” the work being performed. See for yourself what obstacles and frustrations your people face.
12. At the same time, “listen!” Be willing to hear concerns, get feedback on system performance.
13. Be a “promoter” by raising awareness of customer requirements. Expect results, but be patient.
14. “Measure” those results!
15. “Analyze” that data and look for patterns. Request improved performance.
16. “Review” the performance of the whole quality system on a regular basis.
17. Make informed decisions and “act.” Follow up where needed.“Improve” continually. Monitor gains and set higher targets.

Labels: ,

Thursday, January 24, 2008

Is an “eAudit” in Your Company’s Future?

With the increasing use of the internet for the operation and control of management systems, first, second and third party auditors need to consider new ways to efficiently and effectively verify conformity to quality & environmental management system criteria.

The most obvious example would be multi-site organizations. Audits could include remote access to electronic documents and records to save travel time and dollars. Furthermore, the remote access can be carried out without taking the time of anyone at that remote facility.

Some organizations are already conducting remote audits using collaboration tools like Plexus Online and eAuditPack (TM). To evaluate how these e-Audits work, we can see how a remote audit would examine the four primary types of evidence: Documents, Observations, Records and Interviews:

Documents: With the proper authorization, auditors are reviewing the remote location's electronic documents while planning the audit and also see them during the execution of the audit. However, use of a collaboration tool and/or a teleconference does not allow the auditors to see if any uncontrolled or obsolete documents are in use.

Observations: Since the audit is remote and cameras are not be available for full viewing of the facility, auditors are not be able to see if the work is being done per the organization’s planned arrangements and, just as important, what’s going on around the area being audited. So, evaluating conformity is limited to what can be judged through interviews and electronic records. Auditors do not see poor housekeeping at the site or observe body language during interviews.

Records: If an organization creates electronic records and scans hardcopy records into electronic format, these records are available for remote access by the auditor. However, some companies may have a significant number of completed forms that are kept as hardcopy records. Even if the auditor requests some of these hardcopy records be scanned for the audit, the auditor would not be actually selecting the sampled records.

Interviews: In many traditional audits, the employee being interviewed can be reluctant to have their answers recorded electronically. As a result, an auditor will write an abbreviated version of the comments in the audit notes.

In the case of the remote audit I conducted from Dayton of an organization in Brazil, we used a telephone to speak to each other and electronic transmission of records. The conversation was not recorded. I captured the responses in my notes, as with a traditional audit. However, I wasn’t able to observe the body language during the interview. Even if a video feed had been available, what could have been gained through observation would have been limited.

Auditor Competence
The auditors must have the necessary competence to carry out an e-Audit. They will need time allocated to familiarize themselves with the electronic management system and collaboration tool. The auditors must be given the access instructions and security clearances needed to view the relevant documents and records. And, the auditors must be reminded of the need to protect the confidentiality of the electronic data during and after the audit (Client property!).


Third Party Audits
What about the use of e-Audits by certification bodies? Will the duration of third-party surveillance audits be reduced by, or in some cases be replaced by, remote audits? Let's look at what the ANAB accrediting body has to say on the subject:


ANAB Advisory 1
The ANSI-ASQ National Accreditation Board (ANAB) has issued an Advisory that states it supports a certification body (CB) applying the Advanced Surveillance and Reassessment Procedures (ASRP) and Computer-Assisted Audit Techniques (CAAT) described in the International Accreditation Forum (IAF) guidance documents.The Advisory explains that the application of ASRP and/or CAAT will vary for each CB and for each client depending upon the capabilities of the CB and client; therefore, each application must be reviewed and approved by the Accreditation Committee of the Accreditation Council.


1. The CB must document its proposed ASRP or CAAT audit program for the client, consistent with the applicable IAF guidance.
2. The CB must document how the audit program varies because of ASRP or CAAT (i.e., how it varies from an audit program for the same client without ASRP or CAAT).
3. The proposal must be reviewed and accepted by the ANAB executive assessment team leader prior to its submission to an Accreditation Committee of the Accreditation Council.
4. The CB and its client must make a presentation to the Accreditation Committee at a face-to face meeting or by electronic means explaining the program and answering any questions.
5. Immediately following the presentation, the CB and its client will be dismissed, and the Accreditation Committee will make its decision, which may or may not include conditions, to accept or reject the ASRP and/or CAAT program for the CB's client.

The decision and any conditions will be promptly communicated to the CB. The ASRP and/or CAAT process must not be used for any industry sector program unless the industry group has specifically stated it may be used for its program.

So, ANAB supports e-Auditing, but certification bodies have a detailed process to follow to gain approval for its use.

We can see what the International Accreditation Forum (IAF) says on the subject.


IAF GD2:2005
According to the IAF guidance document GD2:2005, if remote auditing techniques such as interactive web-based collaboration, web meetings, teleconferences and/or electronic verification of the organization's processes are used to interface with the organization, these activities should be identified in the assessment plan and may be considered as partially contributing to the total on-site auditor time.

If the certification body (CB) prepares an audit plan for which the remote auditing activities represent more than 30% of the planned on-site auditor time, the CB must justify the audit plan and obtain specific approval from their accreditation body prior to its implementation.

On-site auditor time refers to the on-site auditor time allocated for individual sites. Electronic audits of remote sites are considered to be remote audits, even if the electronic audit is physically carried out on the organization's premises. Regardless of the remote auditing techniques used, the organization must be physically visited at least annually.

Is an eAudit in your company’s future? Absolutely! However, there is still a lot of planning and thought that must go into the implementation of eAudits to ensure their effectiveness.

Labels: , , , ,

Scope Statements on Registration Certificates

Scope Statements on Registration Certificates

Many of our clients struggle with developing a Scope for inclusion in their Quality Manual. Some manuals that I have seen say something like “Our Quality System conforms to ISO 9000.” Unfortunately, while it’s true, that’s not a valid statement for a Scope. Here’s the “official” interpretation of that requirement.


The International Accreditation Forum (IAF) has issued the following guidance for registration certificates:

Certificates issued to ISO 9001:2000 shall state clearly in words the scope of the quality management system in a way that will not mislead customers, and shall ensure that information is available for the user to determine which categories of product and product realization processes are included within the scope of registration. (Emphasis added)


In particular, scope statements shall be explicit in stating the responsibility for product design and development and other principal realization processes, such as, manufacturing, sales, and service.

The exclusion of clause 7 requirements may relate to all or only some of the product categories that are within the scope of the quality management system. Justification for excluding these requirements must be given in the quality manual and the registration body must review the validity of any such exclusions during certification and surveillance audits.

If the organization has responsibility for (and realizes or outsources) the design and development process, the scope statement for registration must include the words "Design of ...", "Development of ...", or "Design and development of ....”

According to the IAF, the following sentence must appear on all certificates issued to ISO 9001:2000:

"Further clarifications regarding the scope of this certificate and the applicability of ISO 9001:2000 requirements may be obtained by consulting the organization."
(Registrars always miss this one!)

How does your Scope measure up? Email me a copy for a FREE analysis at mailto:george@4iqc.com

Labels: , , ,

New ISO 9001:2008 Update Webinar Dates!

Based on the success of the last webinar IQC held on the ISO 9001:2008 Updates, we have released dates for the next webinars:

April 8, 2008 (Tuesday) 1:00PM to 2:30PM EST
September 10, 2008 (Wednesday) - FDIS 1:00PM to 2:30PM EDT
November 13, 2008 (Thursday) - IS 1:00PM to 2:30PM EDT


for more information please go to http://www.4iqc.com/Services/ISO9001_2008.htm

Labels: , ,

Monday, December 10, 2007

ISO 9001:2008 Overview and Webinar

ISO 9001:2008 Overview and Webinar, $125.00
April 8, 2008 (Tuesday) 1:00PM to 2:30PM EST
September 10, 2008 (Wednesday) - FDIS 1:00PM to 2:30PM EDT
November 13, 2008 (Thursday) - IS 1:00PM to 2:30PM EDT

Specific webinar details (web address and login instructions) will be emailed to participants one week prior to the webinar
"What we meant to say was: The amendments to ISO 9001". -- What to expect from ISO 9001:2008.
In this 1.5 hour Webinar you'll get inside information on upcoming changes in ISO 9001:2008. Your instructor presenter, George Hummel, as a member of the US TAG to ISO/TC 176 participated on the interpretations & validation teams for the new standard so he brings reliable, first-hand information.

In this seminar you'll discover the various criteria that each change was required to meet in order to be considered for the amendment. In addition, you'll get to review the actual proposed text changes for the Draft International Standard (DIS). Once you complete this Webinar, you'll have gained confidence and awareness about how ISO 9001:2008 will impact your organization.
In this Webinar, you'll learn the following:

Reason for Amendment
Scope of amendment
ISO standards development process
Clause-by-clause review of changes

This Webinar will discuss the Draft International Standard (DIS)* version of ISO 9001 scheduled for release in October, 2008.
*DISCLAIMER - While minimal change is expected to the standard during the next comment period, the contents of the DIS are subject to change and should not be used in any contractual or legally binding agreements.
After attending this webinar you will receive a coupon for 50% off of a PDF version of IQC’s Understanding ISO 9001:2008 Training Course Participant Manual, Trainer’s Guide and Power Point Slides. The Understanding ISO 9001:2008 Training Course can be used to train your internal auditors, your executive team or for an employee overview. To be published FALL of 2008.

Labels:

Monday, November 26, 2007

Is a customer forcing you to be registered to an ISO based standard?

Many companies say that the reason for implementing a standard-based (ISO 9001, ISO/TS 16949, ISO 13485, AS9100, TL 9000, etc.) Quality Management System (QMS) is that it’s a customer requirement.

Here are some Lessons IQC has learned about these situations that we pass on to you:

1.) If you are being forced to obtain certification to an ISO-based QMS ensure that you have full buy-in from all layers of management.
2.) When you form the team, be sure to invest the right amount of time creating a high-performing team atmosphere.
3.) Embrace the idea that quality is everyone’s business. Involve all departments.
4.) The standards are easy to read and must be interpreted as to how it fits your company. Ensure that the leader of the team has done this. Your leader must understand when the team members begin taking ownership. That’s when the leader needs to let go and watch the organization excel.
5.) Create a robust training program early on to capture all the training record requirements. Understand who will benefit from personal and professional growth opportunities through formal education classes in documentation, FMEA, GR&R studies, SPC techniques, and other similar courses, as required by the industry your customer is in.
6.) When people say, “The ISO (blank) standard requires it,” have them show you where it says that. It’s amazing how people use the standard to get all kinds of things approved.
7.) Talk to your customers about a plan to reduce your customer audits. This includes all customers, not just the one that is forcing you down the certification path.

Contact seth@4iqc.com and I will send you a template for an Implementation Plan.

Dear Mr. Frustrated Management Rep,

This was emailed to me by someone who purchased a pre-written Quality Manual:

I have just started the process of ISO 9001 and have several questions in terms of the template I received from XXXXXXX.com.
1) As I read through the QM and the help pages that coincide, I don’t quite understand when I am being given a directive or merely a note:
For example, when it stays “Task Overview: define....” Is a policy supposed to be defined and inserted or is the information within the template the policy? And I only make changes where necessary?
2.) Is it okay to change the wording in the manual so it suits our operations?
3.) Is it okay to leave things status quo if there are no changes?
4.) In terms of procedures, we have many flowcharts already designated for specific procedures, but I do not see how I fold them into the QMS.

Unfortunately there isn’t more explanation as to what needs to be updated, written, etc. As I go along and read the help pages it seems as if I don’t have to change much and that seems impossible! I apologize, but I am very new to this process. Thanks for any help.

--- Mr. Frustrated Management Rep

I emailed back:

Dear Frustrated,

I feel that you have been done a terrible disservice by anyone selling a pre-written Quality Manual or procedure templates. Here is what ISO 9001:2000 itself has to say about that:

“It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.” (0.1 General)

The intent of the Standard is that companies “identify and manage [the] numerous linked activities” the make up the processes within the organization. Once these processes were identified, a Quality Manual can be developed. ISO 9001:2000, 4.2.2 c, states one of the requirements for the Quality Manual: “a description of the interaction between the processes of the quality management system.” Unfortunately, most pre-written Quality Manuals are mere paraphrasing of the International Standard. There is no organization whose Quality Management System looks like ISO 9001:2000!

A Guideline, ISO/TR 10013:2001, entitled, Guidelines for quality management system documentation, states:

“An organization has flexibility in the way it chooses to document its quality management system. Each individual organization should develop that amount of documentation needed to demonstrate the effective planning, operation, control and continual improvement of its quality management system and its processes.” (Introduction)

And, specific to a Quality Manual, “A quality manual is unique to each organization. This Technical Report allows for flexibility in defining the structure, format, content, or method of presentation for documenting the quality management system for all types of organizations.” (4.4.1)

With this freedom, the Quality Manual does not have to be a narrative. IQC suggests a “Master Flow Chart.” This diagram outlines the sequence and relationship of the organization’s processes. This Master Process Flow is developed by the company’s Top Management. It is an outgrowth of their work developing the Quality Policy and Quality Objectives. The Quality Manual becomes “owned” by Top Management and a statement of how their system operates to meet the vision of the policy and the metrics of the objectives.

So, Mr. Management Rep, chalk the template up to experience and start over. Every company has the knowledge and wherewithal to develop a Quality Manual.

------------------------
Email
george@4iqc.com if you want to see an example of a great Master Process Flow and Quality Manual.