ISO 9001 Certification for University

Training, completed training, competance

Question

How should I proceed to get my university ISO 9001 certified? There are nine campuses and a quality manual already exists.

Answer

If I may, let me answer this from my own experience. I worked with an organization that was geographically dispersed. In the US, there was the corporate headquarters, which had top management, sales and marketing, and design. There was also a manufacturing plant in another state. There was a manufacturing plant in Brazil and one in France.

It was decided that top management would own organization-wide processes. This included Internal Audit, which was outsourced. Top management was responsible for strategy, interested parties (also addressed on a local basis), overall quality objectives, risk and opportunity, the process for documented information on a macro level (for example, your quality manual), organizational knowledge, data analysis and management review (each quarter held in a different facility).

The plants did their own purchasing and supplier development, process risk and opportunity, hiring and training, operational control, local control of specific documented information and data reporting. The three manufacturing plants responded well to local autonomy and centralized reporting. Management Review was very rigorous with the CEO and functional vice presidents at each review. Progress toward objectives, monitoring of interested parties, risk and opportunity was stressed.  If an objective was lagging, plant managers had to present their corrective action with root cause analysis.

Considering the geographical spread, three languages and different cultures and labor laws, the system was very effective, in large part due to the commitment of the CEO.

The 3rd party auditors, while from the same certification body, were local to the facilities. The lead auditor amassed audit data and presented that to top management with a detailed report.

With applications such as Zoom, considerable travel time and expenses can be saved.

Regards,

George Hummel

Scope Statement

Employees, Training, Working, Learning, Duties, Tasks, DFSS, Innovation, Audit, Auditing

Question

My company is late to transition from ISO 9001: 2008 to 2015 and we are just starting. I am already stumped. I need to answer “What is our your scope statement?  This should succinctly summarize your products and/or services. A single sentence is all that is required, as this will be shown your ISO 9001:2015 certificate.”

We are a commercial printing and bindery. Is the scope from receipt of order through final acceptance by the customer? I don’t know what this means.

Answer

Scope is a difficult concept for many. Accuracy is important; however, you encounter two types of scope that may confuse you.  The first is the Scope of the Standard.  It’s in the “introduction,” in clause 01.  It’s informational and is not auditable.  The second is clause 4.3.  Scope is the outcome of the work in 4.1 & 4.2.  There can be a number of ways to address scope: your range of products and services (XYZ company provides design and printing services); different sites (XYZ designs art work in its Chicago studio and our Cleveland plant does commercial printing) – each of these sites addresses their activities; outsourced services (XYZ company coordinates outsourced design and printing services for our customers).  You can slice and dice scope for a single plant (having others in the company), specific sections (within XYZ company, implantable medical devices are manufactured).

In your case, “XYZ provides commercial printing and bindery” is sufficient.

The scope must be documented and will be verified by your third party certification body.

Thanks for your question.

George Hummel

ISO Certification without Quality Dept?

Suppliers, supplier management

Question

There were some changes recently in the company where I work. Now, a quality manager or quality function does not exist in the our company; however, we do maintain the ISO certification.  Our ISO certification applies to our corporate office and it applies also to the manufacturing facility located in a different city.

Is acceptable to have an ISO certification and not have a quality function?

Answer

There is no requirement for a quality function in ISO 9001:2015. I believe that this can be a positive move for your organization as it puts the job of quality upon the process owners, especially top management.  This is where it should be.

It can be a little messy as these responsibilities are passed back to the process owners; but, it’s right!

George Hummel

Making Management Review Meaningful

Training, completed training, competance

Question

I’m looking for assistance with Management Review requirement of ISO 9001:2015. We’ve been following an agenda that covers 9.3.2 a-f, but Senior Management believes that they cover much of this information in other meetings.

I found a few articles through the ASQ website, but wanted to see if there are suggestions for other resources to help make the Reviews relevant and useful rather than just checking off a box.

Answer

Management Review does not have to happen in one session but can be addressed over several meetings.  It is required that all the inputs and outputs (not addressed in your question) are recorded and accessible.

It is important that the inputs/outputs are not “checking off a box.” Management Review should be seen as “due diligence.”  For example, it is not designed to say, “internal audits were performed on xx/xx/2019.” Here is the opportunity for top management to review the audit results for improvement opportunities and determine how risks uncovered can be mitigated.

Note that the standard does not say “a meeting.” You may wish to gather the materials into one document and send it back to top management for review and approval.  This would also allow you to determine if there are any gaps to be addressed.

Try to ensure that top management notes changes in the QMS or needed. For example, does the QMS still support the strategic directions of the organization, have the requirements of interested parties changed, has corrective action found the root cause of problems, have complaints been adequately addressed and, have there been any changes in statutory requirements?

Following the review of the information, it would be my advise to publish the results to communicate these to the entire organization.

George Hummel

 

AS9100 D and ISO 9001: 2015

Airplane, aerospace, AS9100

Question

Is there a document that compares the requirements of AS9100 D against the requirements of ISO 9001:2015?

I am looking to update our system to AS9100 D, and have the standard, however it would be helpful to have a document to help identify the gap between the two.

Answer

ISO 9001:2015 is embedded in AS9100D as the baseline.  If you look at AS9100D text…the regular text is ISO 9001:2015 text and the bold-italics text are the additional Aviation, Space & Defense text.  So what you are looking for regarding the additional requirements is the bold-italics text.

I hope this is helpful.

Buddy Cressionnie
9100 Americas Leader

Escalation Process and ISO 9001: 2015

Chart, graph, sampling, plan, calculation, z1.4

Question

I have created a project and problem escalation pyramid to help associates understand when and who is involved when a project or process issue needs escalation. I would like to know what clause in ISO:9001-2015 this would fall into?

Answer

Thank you for your question.

It sounds like you have created an escalation process for when outcomes don’t meet requirements.  In this case it sounds like ISO 9001 Clause 8.7 “Control of Nonconforming Outputs” would apply.   If the escalation process is specific to something like an engineering design process, then Clause 8.3.2 “Design and Development Planning” and/or Clause 8.3.4 “Design and Development Controls” could apply.

Also, in a general sense, if a process issue needs escalation, it’s part of the plan-do-check-act cycle described under Clause 4.4 “Quality Management System and its Processes”.

I hope you were able to find these references useful.

Denis Devos

A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

ISO 9001: 2015 and “Effectiveness”

Control chart, data, analysis

Question

ISO 9001:2015 references measurement of “effectiveness” throughout the standard. My question is what methods/techniques are typically used to measure “effectiveness”? Is it purely a quantitative analysis of metrics, or does it also involve subjective evaluation that may not be driven by statistics or metrics? Also, is it expected that effectiveness be measured for each process/procedure?

Answer

Thank you for your question.

Let’s begin with the definition of effectiveness from ISO 9000:2015.

Effectiveness is “the extent to which planned activities are realized and planned results are achieved.”  This definition requires that you know what the expected outcome (or objective/target) you want for a given task, project or process.  The first step is to know what you want to achieve, and then ask yourself what would be the best means to determine the extent to which that objective was met?

Yes, it is expected that effectiveness be (suitably) measured for each process. This is at the heart of the Plan-Do-Check-Act cycle.  Also, please read ISO 9001 Clause 4.1 and Clause 0.3.

As far as quantitative vs. qualitative metrics are concerned, you will have to decide what best measures the outcome of the process.  Also consider the cost of data collection.  Often, easy-to-collect qualitative data can suffice.   And don’t be deterred if quantitative data cannot be obtained.  As Dr. Deming so wisely stated: “Sometimes we have to settle for inexact measures of exactly the right things”.

Denis Devos

A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

ISO 9001: 2015 and Vendor Certification

Suppliers, supplier management

Question

We are ISO 9001:2015 certified and have a sole source vendor who is considering dropping their ISO certification. What is the best course of action to retain this vendor if they drop their ISO?

Answer

Thank you for your question.

Unless you are in an industry where you are required to have your suppliers registered to ISO 9001, (for example, the automotive industry under IATF 16949), or you have specific customer contracts which require this,  the choice is entirely yours whether or not your suppliers are registered to ISO 9001.

If your company wants to press the issue and require ISO 9001 as a condition for this supplier to continue to do business with you, be prepared for them to give you up as a customer.   If however, this is a valued supplier with a history of strong performance, you don’t want to dismiss a valued supplier partner.   If you decide to keep them, simply change your purchasing procedure to allow yourself the latitude for management to approve and use suppliers without ISO 9001 certification.

Denis Devos

A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

 

Process Review Requirement in 9001?

About ASQ's Ask the Standards Expert program and blog

Question

Is there a requirement in the new 9001:2015 standards for annual monitoring/reviews of processes? What are any such requirements for process reviews?

Answer

First, there is no requirement to do anything annually.  Rather it is an expectation to do certain things such as calibration at least annually. The subject requirement is in section 9.3 Management review. Specifically section 9.3.2 Management review inputs includes at part (3) “process performance and conformity of product and services”.

What is commonly done is to create key performance indicators  (KPI’S) for each quality system process and these KPI’s are periodically reviewed (at least annually) during a management review.  Any process not meeting its KPI is looked into for improvement.

There are many articles and books written on this subject and available on the web.

James Werner

Click here for more information about KPIs and here for information about management reviews.

Internal Auditing Roles?

Manufacturing, inspection, exclusions

Question

I’m quality manager for R&D department and have several persons as Software Quality Assurance for our software development process. My question is can I act as Internal Auditor to audit the compliance of ISO 9001: 2015 requirements and the software development process execution?

Answer

Let’s look at this differently.  Say you are the quality manager and have several persons doing final product testing in a test lab. Clearly you are not impartial – you have a responsibility of the persons doing the testing.  Since you cannot be impartial, you cannot act as the internal auditor or even be on the auditing team.

James Werner

Click here for more resources about internal audits.