Clauses 8.4.1 and 8.4.2 in 9001: 2015

Mr. Pareto Head and IT

Question

The insurance company I am temporarily helping on quality is limiting its ISO 9001 certified perimeter to the administration of contracts and claims.
With regard to clauses 8.4.1 and particularly 8.4.2 of ISO 9001:2015, should the other internal entities of the company (.i.e HR, IT, Sales Dept, …) absolutely necessary but outside of the perimeter be considered exactly like external providers – just like a provider of IT, for instance – or should they be considered as internal providers with a limited control of their contribution to the QMS through a simplified SLA? Of course, SLAs will be put in place in order to secure the relationship of these internal entities with the perimeter.

I thank you in advance for your help/interpretation of clauses 8.4.1 and 8.4.2 applied to the case submitted.

Answer

Thank you for your question.   Yes, that is an appropriate interpretation, but let me add three comments.

Firstly, recognize that your support functions are captive within your organization and therefore not subject to all of the same conditions that would be imposed on an outside service provider.   For example, you can’t stop doing business with them if you are not happy with their service.  I like your idea for an SLA – keep it simple, but outline your requirements and expectations for their support services.

Secondly, use your process approach (clause 4.4) to define the boundaries of your QMS and how those other external departments interface with you.  This will be helpful in helping your team and others to understand the relationship between your QMS and the rest of the organization.

Thirdly, take advantage of the Context of the Organization analysis (clause 4.1) to further explore those relationships and that will help to determine the level of control you require over those support functions.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

“Shall Be Determined” in 9001

Question

Many of the Quality Management Systems requirements in the ISO 9001: 2015 manual include the verbiage “shall be determined.”  I need to be sure that I understand exactly what this means in this context.  For example, “4.4  QMS and its processes 4.4.1 a)  The inputs required and the outputs expected of the QMS processes are determined.”   Does this mean that there should be process or work instruction written describing this?  Does it mean that there should be documentation showing the development of this information?

Answer

Thank you for your question.  It might be useful to look at the definition of the word determine.  According to the Oxford Dictionary:  Determine means to “Ascertain or establish exactly be research or calculation”, Merriam Webster has a similar definition:  “to find out about or come to a conclusion about by investigation, reasoning, or calculation.

Now to your question.  There does not need to be a procedure about how things are determined.  The output, or the determination itself, will serve as evidence that you did it.  But determine things in an honest way.  You and your CB auditor will assess the reasonableness of your determinations based on the context of your organization.  For example, if you are a hospital, and you “determine” that surgeons do not need to wash their hands, you should be subject to a nonconformance for getting that wrong.    In your example, taken from clause 4.4, the best way to do this is to create a flowchart(s) showing a series of process steps and their interactions.  The arrows in and out of each box along with explanatory text, will demonstrate that you have determined the inputs and outputs of each process step.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

Approved Supplier List 17025 or 9001?

ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratoriesQuestion

Every once and while our company will need to find a rare or hard to find item on the web. Due to the rarity of the item we sometimes need to look at sites that are not a typical supplier. So how would you go about approving a supplier such as Amazon or EBay since they are more like a distributor then a supplier and utilize a large pool of other retailers/sellers?

Answer

I think ISO 17025 is not the correct citing; ISO 9001-2015 Section 8.4. would be a better fit.

Approving a distributor is meaningless whether the distributor is Amazon or EBay.  The requirement is under Section 8.4.1 of ISO 9001-2015.  Consider that the supplier is the manufacturer of the item (product) being bought on the web.  The user needs to approve the use of that item – not the supplier. 

The last paragraph under Section 8.4.1 reads, in part: The organization shall determine and apply criteria of the evaluation, selection, and monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in according with requirements.  This means that the organization determines the requirements, documents those requirements, and follows the establish requirements.  The requirements here, I suggest, are to approve the supplier based on the supplied item meeting the organization’s needs – specifications.

For example, Home Depot or Lowes is a distributor (source) of a hex-nut that is infrequently used.  The hex-nut has a specification, thread size, length, etc.  The requirement then would be that an inspection of the hex-nut confirms it meets the predetermined requirements. This is all documented.

James Werner

Is Certification Revocable?

Question

If a company is ISO 9001: 2015 certified, is it revocable?

Answers

From Jim Werner:

A company can indeed have its certification revoked.  Being certified means the company has established a qualify management system that meets the requirements of ISO9001:2015.  The failure of the company to continue to meet those requirements can result in de-certification.

From George Hummel:

Most CBs will revoke a certificate if the client does not answer an audit non-conformance.  Their contract may define other instances.  The questioner should review his or her organization’s contract.

From Charles Cianfrani:

Certified companies receive surveillance audits periodically. If the company fails to maintain compliance with ISO 9001:2015 requirements, eventually (after a series of intermediary steps related to resolution of nonconformity have been unsatisfactorily pursued) their certification can be voided.

Transition to ISO 9001: 2015

Question

We are in the process of reviewing our policies and procedures to be compliant with the ISO 9001: 2015 standard. When converting from ISO 9001: 2008 to ISO 9001: 2015, how should the version control be handled? Should we start at 0 again or move on to the next number?

Answer

I would recommend that the site does not re-number the revisions to zero.  The revision number should be used only for new procedures.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
www.stratecon-intl.com/jsurak.html

Customer Satisfaction

Question

The question is about 9.3.2.1 in IATF 16949. It said the input to management review shall include (f) customer satisfaction. Because that clause is supplemental to ISO 9001, 9.3.2, where C (1) customer satisfaction and feedback from relevant interested parties is inclusive, why does it repeat here? I asked to see 9.2.1 in ISO 9001 but I didn’t see any specific difference between them.

Answer

That’s a very good question, and you’re right that it’s a subtle difference.  It seems that the reference to clause 9.1.2 in the 16949 clause 9.3.2.1 makes it very specific and deliberate that the customer satisfaction being referred to must include “perception” (9.1.2) and that the customer satisfaction in management review will be derived from how “the organization shall determine the methods for obtaining, monitoring and reviewing this information”  (9.1.2).   I hope you find this clarification helpful.

Denis J. Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

Clauses vs. Elements in ISO Standards

Training, completed training, competance

Question

What, if any, is the difference between the words “clause” and “element” in ISO standards?
Specifically, “customer shall conduct an internal audit addressing all elements of the management system.”  And, at what level is this in the standard, eg, 4 or 4.1 or 4.2.1

Answer

1) The difference between the words “clause” and “element” in ISO standards? – No difference.

2)”Customer shall conduct an internal audit addressing all elements of the management system”. –  Customers do not perform internal audits on suppliers.  If this person means that  customer requires a full QMS audit, so does the standard.  “All elements” probably means all QMS processes.

3) At what level is this in the standard, eg, 4 or 4.1 or 4.2.1 – 4 is the clause/element; 4.1.& 4.2 are “sub-clauses”

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

ISO Certification and Suppliers

Mr. Pareto Head and Supply Chain comic strip

Question

I work for a small family company that purchases items and potentially processes or packages them into heat protection materials. One of my existing customers is asking for ISO certification for some materials that I will sell to them. The material I’m trying to sell him comes from my supplier who is ISO 9001 certified, but my company is not. How can I show my customer that my supplier is ISO certified without the customer knowing who my supplier is?

Answers

The company is doing a value added process, and not a distributor.  As a result, if the customer is demanding ISO 9001 certification from the company, they need to make the decision, do they want to do business with the company? If so they need to pursue certification. If they do not want to pursue certification, they should tell the customer they do not want to pursue certification.  The customer can make the decision whether they will purchase product from the company.  I have had an experience where I did not want to do an audit with a company.  We told the customer, we will not do it.  The customer responded and came back with a reasonable proposal.  They wanted the business.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
www.stratecon-intl.com/jsurak.html

First, ISO certification is for a company’s quality management system, not for particular materials.  I would let the customer know, on company letter head, that:  “We certify that the materials we purchased are from ISO 9001 certified suppliers only.  The name of these suppliers is company confidential.”

James D. Werner
Principal Consultant
MDQC
Medical Device Quality Compliance, LLC

ISO 9001 Certification and Moving

Question 

My small company is considering ISO certification because some of our customers are asking for it. My concern is that if we continue growing at our current rate, we may be moving in 12-18 months. Is ISO certification site specific – i.e. if we obtain certification and then move, do we need to undergo a whole new certification?

Answer

After the certification audit your company will get a certificate for three years, and you will be adhered to a surveillance audit each year during the mentioned duration. There is no problem in moving if your moving did not lead to changes in your processes, activities, services or products which were included in your Quality Management System’s scope during the first certification audit, but it was just moving to another address. 

Ibrahim Moussa
Founder and Managing Director, at VOICE OF QUALITY for Training and Consulting Services
ibrahim@voiceofquality-eg.com

 

Creating a Culture of Quality

ASQ Global State of Quality 2016

Question

I was introduced to Quality Management (& ISO 9001:2015) recently. The culture of the organization that I am concerned with has not embraced Quality Management, and it is often the subject of outright and unprofessional antagonism. I seek direction in order to arm myself with greater knowledge or qualifications as well as change attitudes toward Quality Management at all levels within the organization. I thought that ASQ would be a good resource. Since there are so many channels, a plethora of literature, and various certifications and conferences, I am a bit overwhelmed. I need to focus my efforts, and I hope to be able to do so with some direction from a professional who can relate to such growing pains. Thank you.

Answer 1

Thank you for your question.  I can certainly to relate to you and your plight – I was in a similar circumstance early in my career.   If you were introduced to ISO 9001 this year, I have to assume that your company is not yet registered.   Most manufacturing companies are required by their customers to have registration, but if you are not in that situation, you have to sell Quality Management on its own merit.  The bad news is, that if your senior management doesn’t want a Quality Management System, there is nothing you can do about that.  Now, that being said, you can begin by examining some of the “pain points” in your organization and showing how quality tools can help to solve them.  Management will never embrace quality until they see what is in it for them.   You can start with an analysis of the Cost of Poor Quality.  When your leadership sees the cost of nonconformance, they will be keen to bring those costs down.  COPQ typically includes the cost of external customer complaints, replacing products, late deliveries, and internal costs such as scrap, rework, re-makes etc.  If there has ever been a problem that traces back to not properly understanding a customer’s needs, that is a text-book example of how Quality Management can help.  Start with that.   Look at the costs of poor quality, and sell the idea of using quality tools to bring those costs down.  You will have no chance of selling your management on quality until they can see what’s in it for them.  Good Luck!

Denis J. Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

Answer 2

it sounds like this company needs a culture change. This change can happen only at the direction of the company’s leadership.
Here’s some suggestions:

  1. Each department head has to establish three (3) measurable goals on how his/her department is improving on the quality of their department’s output/work.  These are to be reported at each executive monthly meeting.  Department manager’s must be held accountable for lack of quality improvements.
  1. Every individual’s performance review must include “quality performance.”  This also needs to be measurable (less than last year, improved customer satisfaction from surveys, reduced ‘cost-of-quality’, reduced audit nonconformance observations, etc.)
  1. If the company has a bonus program, individuals/departments bonus is tied into quality performance.  ISO observation means 10% or more cut in bonus.
  1. Have top executives hold meetings on the need for quality and it’s everyone’s responsibility – not just the QA department.  If employees don’t like it they are welcomed to find employment elsewhere.

Jim

Jim Werner
Voting member to the U.S. TAG to ISO TC 176 Quality Management and Quality Assurance
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor