Special Process NCRs During Audit

Welding, Weld, Processes, Automation

Question

Recently one of our business units had an ISO 9001: 2008 audit and during the audit they received a couple NCRs on welding as a special process.
One of the NCRs was “Some welders are not qualified prior to welding on product.”
As a matter of fact, our company has developed its own qualification program based on the our needs consisting of the following steps:
– The minimum requirement of least 2 years or more experience as a welder before starting the job.
– In class training for weld specifications, blue print reading, equipment, weld supplies, visual acceptance/ rejection criteria and equipment TPM program conducted by our QE.
– Hands on exam – the result of this test is reviewed by a QE and weld supervisor without performing any bend test, pull test or other types of DT.
– Annual recertification program based on a written exam and weld coupons visual inspection results.

The CB auditor is asking us to send the coupons out to a certified lab for bend testing or having all the welders certified by AWS. Is that required per ISO 9001? As a side note, every time we design and develop a new model we conduct all types of crash tests, FEA and durability testing in design validation phase.

Answers

From George Hummel:

I would not accept the auditor’s comments.  He/she is consulting.

From Charles Cianfrani:

No. It appears that the CB auditor is adding requirements. The organization has a process, and if it is effectively implemented that should be satisfactory evidence of conformity.

Work Instructions and Audits

Chart, graph, sampling, plan, calculation, z1.4

Question

Regarding ISO 9001: 2008 (or 2015) auditing, I have always been trained that a work instruction when implemented as supporting the QMS can be audited as it is supporting the effectiveness of the QMS. I was recently told by a business owner that not only is that not true, he does not have to show me his work instruction.  I would like to reply with a clear technical response. Can anyone share their view on this?

Answers

Thank you for your question.   Of course you know you’re right.  It sounds like you have a major nonconformance against Clause 5.1 on your hands.

Denis Devos
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

ISO 9001:2015 clause 7.5.1b states the following :
The organization’s quality management system shall include: documented information determined by the organization as being necessary for the effectiveness of the quality management system/

 Documented information includes both procedures and records see appendix A.3 (Documented information). 

 Since the work instructions are supporting the QMS, it is part part of the QMS, and can be audited as part of both the internal audit and external audit.  It appears that part of the confusion may be caused by a lack of understanding of the new term “documented information.”

John G. Surak, PhD
– Providing food safety and quality solutions –
tel: 1-864-506-2190
skype:  john.surak
email: jgsurak@yahoo.com
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

Document Revision Criteria

ISO documentation practices, requirements

Question

Is there any criteria available for the frequency of document revision in ISO 9001 or ISO 13485?  Some organization don’t revise the documents for a period of more than 2-3 years.  The reason provided by the organization is that there were no changes during this period. Do ISO standards mandate the revision of documents within a certain time frame? Can we treat this as non-compliance, if the documents are not revised over a period of 2-3 years ?
Answer

There are no criteria nor a requirement for document revision in ISO 9001:2015, 7.5.

ISO 13485:2016, 4.2.4, states, “review, update as necessary and re-approve documents.” This leave the review to the discretion of the organization.

Thus, there is no mandatory review frequency and no non-conformance if documents are not revised within a determined time frame.  ISO 13485 does require a review, however. But, the frequency of the review is not mandated.

George Hummel

Verification or Calibration?

Automotive inspection, TS 16949, IATF 16949

Question

There is a second part to 7.6 para “a” which reads; “where no such standards exist, the basis used for calibration or verification shall be recorded.” It is clear for shops that are complying to the ISO 9001:2008(E) we need to have measurement standards traceable to international or national measurement standards. My question has to do with cylindrical plug gages that are used at the machines to verify manufactured print dimensions. The pins/plug gages are not sent out at intervals for calibration however, they are compared to a traceable measurement standard before being issued to the manufacturing area. We consider these gages to be calibrated “as used ” and we do not record the initial actual size of the pins/plug gage but issue it only on the basis that the size was verified against a traceable measurement standard. Are we required per Para 7.6 to record the actual size of the pins/plug gages?

Answer

Thank you for your question.  What you are describing is verifying prior to use, rather than calibration.    If the rings or other standards being used to check these plug gauges each day are properly calibrated and traceable to national standards, you are compliant with ISO 9001:2015.  If you are registered to AS 9100 or TS 16949, stricter requirements will apply and you may not be meeting those requirements for recording variable results of calibration.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

Clauses 8.4.1 and 8.4.2 in 9001: 2015

Mr. Pareto Head and IT

Question

The insurance company I am temporarily helping on quality is limiting its ISO 9001 certified perimeter to the administration of contracts and claims.
With regard to clauses 8.4.1 and particularly 8.4.2 of ISO 9001:2015, should the other internal entities of the company (.i.e HR, IT, Sales Dept, …) absolutely necessary but outside of the perimeter be considered exactly like external providers – just like a provider of IT, for instance – or should they be considered as internal providers with a limited control of their contribution to the QMS through a simplified SLA? Of course, SLAs will be put in place in order to secure the relationship of these internal entities with the perimeter.

I thank you in advance for your help/interpretation of clauses 8.4.1 and 8.4.2 applied to the case submitted.

Answer

Thank you for your question.   Yes, that is an appropriate interpretation, but let me add three comments.

Firstly, recognize that your support functions are captive within your organization and therefore not subject to all of the same conditions that would be imposed on an outside service provider.   For example, you can’t stop doing business with them if you are not happy with their service.  I like your idea for an SLA – keep it simple, but outline your requirements and expectations for their support services.

Secondly, use your process approach (clause 4.4) to define the boundaries of your QMS and how those other external departments interface with you.  This will be helpful in helping your team and others to understand the relationship between your QMS and the rest of the organization.

Thirdly, take advantage of the Context of the Organization analysis (clause 4.1) to further explore those relationships and that will help to determine the level of control you require over those support functions.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

“Shall Be Determined” in 9001

Certification, ISO 9001

Question

Many of the Quality Management Systems requirements in the ISO 9001: 2015 manual include the verbiage “shall be determined.”  I need to be sure that I understand exactly what this means in this context.  For example, “4.4  QMS and its processes 4.4.1 a)  The inputs required and the outputs expected of the QMS processes are determined.”   Does this mean that there should be process or work instruction written describing this?  Does it mean that there should be documentation showing the development of this information?

Answer

Thank you for your question.  It might be useful to look at the definition of the word determine.  According to the Oxford Dictionary:  Determine means to “Ascertain or establish exactly be research or calculation”, Merriam Webster has a similar definition:  “to find out about or come to a conclusion about by investigation, reasoning, or calculation.

Now to your question.  There does not need to be a procedure about how things are determined.  The output, or the determination itself, will serve as evidence that you did it.  But determine things in an honest way.  You and your CB auditor will assess the reasonableness of your determinations based on the context of your organization.  For example, if you are a hospital, and you “determine” that surgeons do not need to wash their hands, you should be subject to a nonconformance for getting that wrong.    In your example, taken from clause 4.4, the best way to do this is to create a flowchart(s) showing a series of process steps and their interactions.  The arrows in and out of each box along with explanatory text, will demonstrate that you have determined the inputs and outputs of each process step.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

Here’s more information about ISO 9001.

Approved Supplier List 17025 or 9001?

ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratoriesQuestion

Every once and while our company will need to find a rare or hard to find item on the web. Due to the rarity of the item we sometimes need to look at sites that are not a typical supplier. So how would you go about approving a supplier such as Amazon or EBay since they are more like a distributor then a supplier and utilize a large pool of other retailers/sellers?

Answer

I think ISO 17025 is not the correct citing; ISO 9001-2015 Section 8.4. would be a better fit.

Approving a distributor is meaningless whether the distributor is Amazon or EBay.  The requirement is under Section 8.4.1 of ISO 9001-2015.  Consider that the supplier is the manufacturer of the item (product) being bought on the web.  The user needs to approve the use of that item – not the supplier. 

The last paragraph under Section 8.4.1 reads, in part: The organization shall determine and apply criteria of the evaluation, selection, and monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in according with requirements.  This means that the organization determines the requirements, documents those requirements, and follows the establish requirements.  The requirements here, I suggest, are to approve the supplier based on the supplied item meeting the organization’s needs – specifications.

For example, Home Depot or Lowes is a distributor (source) of a hex-nut that is infrequently used.  The hex-nut has a specification, thread size, length, etc.  The requirement then would be that an inspection of the hex-nut confirms it meets the predetermined requirements. This is all documented.

James Werner

Is Certification Revocable?

Data review, data analysis, data migration

Question

If a company is ISO 9001: 2015 certified, is it revocable?

Answers

From Jim Werner:

A company can indeed have its certification revoked.  Being certified means the company has established a qualify management system that meets the requirements of ISO9001:2015.  The failure of the company to continue to meet those requirements can result in de-certification.

From George Hummel:

Most CBs will revoke a certificate if the client does not answer an audit non-conformance.  Their contract may define other instances.  The questioner should review his or her organization’s contract.

From Charles Cianfrani:

Certified companies receive surveillance audits periodically. If the company fails to maintain compliance with ISO 9001:2015 requirements, eventually (after a series of intermediary steps related to resolution of nonconformity have been unsatisfactorily pursued) their certification can be voided.

Here is more information about ISO 9001: 2015.

Transition to ISO 9001: 2015

Reporting, best practices, non-compliance reporting, analysis

Question

We are in the process of reviewing our policies and procedures to be compliant with the ISO 9001: 2015 standard. When converting from ISO 9001: 2008 to ISO 9001: 2015, how should the version control be handled? Should we start at 0 again or move on to the next number?

Answer

I would recommend that the site does not re-number the revisions to zero.  The revision number should be used only for new procedures.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

Here’s more information about ISO 9001: 2015.

Customer Satisfaction

Gage R&R, Torque Wrence

Question

The question is about 9.3.2.1 in IATF 16949. It said the input to management review shall include (f) customer satisfaction. Because that clause is supplemental to ISO 9001, 9.3.2, where C (1) customer satisfaction and feedback from relevant interested parties is inclusive, why does it repeat here? I asked to see 9.2.1 in ISO 9001 but I didn’t see any specific difference between them.

Answer

That’s a very good question, and you’re right that it’s a subtle difference.  It seems that the reference to clause 9.1.2 in the 16949 clause 9.3.2.1 makes it very specific and deliberate that the customer satisfaction being referred to must include “perception” (9.1.2) and that the customer satisfaction in management review will be derived from how “the organization shall determine the methods for obtaining, monitoring and reviewing this information”  (9.1.2).   I hope you find this clarification helpful.

Denis J. Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com