Aerospace Surveillance Audits

Airplane, aerospace, AS9100

Question

In reference to AS9104/1 clause 8.2.2.f “Auditing of the entire AQMS standard on all shifts is required for initial and recertification audits. For surveillance audits, the planning shall include coverage of multiple shifts, when the audit plan activities occur across multiple shifts.”

The identified process is “Production” but shift one conducts assembly and shift two kits parts for assembly. Since “Production” spans both shifts but “activities” are distinct on each shift, do you have to audit both shifts during every surveillance audit?
Answer

It would be required that Production be audited on both shifts when it is planned for surveillance audits.  For example, if the acquire business, design & development, and procure parts/materials were audited in Annual Surveillance #1 and production and procure parts/materials were audited in Surveillance #2, then second shift would only require to be audited during Surveillance #2.

Buddy Cressionnie

Learn more about the AS9100 standards here.

Sampling Foils, Films, and Labels

Manufacturing, inspection, exclusions

Question

My question is about sampling aluminium foils, films used in packaging and sticker labels received in rolls which are wound around a core. I can decide to chose the number of rolls to sample from using the tables given in Z1.4, but how should I decide on the amount of stickers and aluminium foil and film to be sampled? I ask this question since it is practically impossible to sample from within a wound roll.
Answer

The ANSI Z1.4 and Z1.9 standards might be applicable when all units do not have the same probability of being selected.  Since you cannot sample units closer to the core, and defects would never be detected unless they occur at the end of the roll, I would recommend a different strategy, either using a vision system (100% inspection) or in process inspection.

If you want to use the standard, the sample size should be based on the number of samples, not the number of rolls.  For example, a roll with 5000 labels would be an N=5000 not N=1.

Steven Walfish

Learn more about visual inspection here.

ANSI Z1.4 Reduced Inspection

Question

If you have Ac=0 and Re=2 what do you do for 1? I have not used the reduced sampling before, so am curious what should be done in this instance.

Answer

If you review the footnotes for Table II-C of ANSI Z1.4, you will see that there is a note (†) that states: If the acceptance number has been exceeded , but the rejection number has not been reached, accept the lot, but reinstate normal inspection (see 10.1.4).  So in your case, with a single reject, you would accept and reinstate normal inspection.

Steven Walfish

ISO Requirements or Good Documentation Practices?

 

Calibration

Question

Are these standard for ISO or just good documentation practices?

1. All entries, except IPQA, should be made with blue ball pen in clear and legible handwriting.
2. IPQA entries shall be done in black ball pen.
Answer

I can sense what it is happening at the place where this question originated. In the past, I saw a company where the person in charge of the Quality System was saying “this is a ISO requirement” to enforce what in this person’s opinion was a best practice. Nobody questioned those statements because “it is an ISO requirement”. So, the answer to the question is, those are best practices, not ISO requirements. Please see below the ISO 9001:2015’s clause pertaining to this question.

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:

  1. a)       it is available and suitable for use, where and when it is needed;
  2. b)       it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:

  1. a)       distribution, access, retrieval and use;
  2. b)       storage and preservation, including preservation of legibility;
  3. c)       control of changes (e.g. version control);
  4. d)       retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and be controlled.

Documented information retained as evidence of conformity shall be protected from unintended alterations.

NOTE  Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

As you can see, no reference to any ink color whatsoever. Legal documentation tends to be completed by using blue ink to differentiate originals from Xerox copies. However, today’s technology allows us to have color copies.

Regards,

Aura Stewart

ISO 9001: 2015 Clause 8.4.3

Mr. Pareto Head and Supply Chain comic strip

Question

It’s not clear to me who an external provider may be. Could it be an electrical contractor, a lunch truck, a caterer, or other similar? That thinking is tremendously different than just the traditional “supplier” which is what this company has using been for many years. So there’s that concern. Also, advising our external providers what equipment to use, how to use it and how to train their people? Is that really what’s said here? That would require tremendous knowledge in our organization that most likely is not here. What exactly is being said here? I’m a little confused how to address this requirement. Finally, section (e): we must communicate to the external provider how we are going to measure them? Can it be done through email, or phone, or what is a common method for meeting the requirement? Thanks much.

Answer

Who is an external provider?

ISO 9001:2015, 8.4.1 states, the organization shall determine the controls to be applied to externally provided processes, products and services when:

  1. products and services from external providers are intended for incorporation into the organization’s own products and services;
  2. products and services are provided directly to the customer(s) by external providers on behalf of the organization;
  3. a process, or part of a process, is provided by an external provider as a result of a decision by the organization.
    1. Refers to a product that becomes part of your product; for example, a bolt incorporated into a seat assembly. You purchase these.
    2. Refers to a product that is “dropped shipped” to a customer. Think of an Amazon purchase where the product comes from a second party under the Amazon logo.
    3. Refers to a process that is outsourced as a result of the organization’s decision to have the process managed externally. For example, the heat treating of a part where the part needs to be heat treated but the organization does not have that process internally.

Therefore, an electrical contractor, a lunch truck, etc. are not included since they are outside the scope of the QMS.

Secondly, “advising our external providers,” refers to the type and extent of control.  Will you perform 100% incoming verification, or require material certifications, or require certification to a quality management standard? In certain instances, you may want to specify the equipment or training an external provider must implement.  For example, for outsourced welding, your requirement might be that welders are certified by the American Welding Society or your calibration company be accredited to ISO 17025.

How will you measure an external provider?  It can be on-time delivery, responsiveness to requests, PPM targets.  Communicating the measurement (8.4.3 e) is related to 8.4.1, “retain documented information of these activities and any necessary actions arising from the evaluations”.  Therefore, a record must be retained.

George Hummel

ISO 9001: 2015 Clauses 4.1 and 4.2

Question

Let’s start with clause 4.2. What level of detail is required here? Is “supplier” or “customer” sufficient, or is it required to drill down from there to specific suppliers or customers? We have hundreds of suppliers and many more customers. Regarding 4.1, thinking about working this from the bottom up. Each Leader (supervisor, manager, director) will review processes under their control and identify issues related to those processes. Those processes can have internal and externally related issues. It’s the hope (plan) that this approach will cover all relevant issues (internal & external) that would impact our ability to meet the needs of the QMS -and- meet the needs of the interested parties (we are adding a column that identifies which interested party would be affected by the issue). As a side note, we’ll also do our risk analysis on all of the noted issues and roll the top items into the CAR/CI process. I feel I may be missing something with this approach, but it seems to mostly meet the requirements of 4.1 and 4.2.

Answer

4.2:  What level of detail?  The standard states, “the organization shall determine:

  1. the interested parties that are relevant to the quality management system;
  2. the requirements of these interested parties that are relevant to the quality management system. The organization shall monitor and review information about these interested parties and their relevant requirements.  [emphasis added]

Is “supplier” or “customer” sufficient?  It would be if all had the same requirements.  Assuming that they do not, you are required to “drill down.”  Customer satisfaction cannot be achieved unless you understand the individual requirements and monitor and review those requirements (which are an input to Management Review).

Furthermore, the list of interested parties goes beyond “customers & suppliers.”  Owners, employees, regulatory agencies, financial institutions, etc. to name a few have requirements as interested parties. These need to be addressed, as well.

“We are adding a column that identifies which interested party would be affected by the issue.” This is a good approach if the requirement is also addressed and you go beyond customer and supplier.

“Regarding 4.1, thinking about working this from the bottom up.” Once again, the standard states, “The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction…”

The key in this requirement is “strategic direction.”  If from working from the bottom up, you ultimately tie these external and internal issues to the organization’s strategic direction, there should not be a problem.

Be aware that your approach will not be familiar to your auditor.  In that case, you will need to fully explain your approach.

George Hummel

Relocation Requires Audit?

Question

One of my contract manufacturers who is ISO 9001: 2008 certified, submitted a Supplier Change Notice to relocate their factory to a new site/location. This will trigger many activities including re-qualification, etc. My question is, for their ISO 9001 certificate, do they simply refresh their company location / address in their ISO 9001 certificate with the Notified Body or they actually need to go through a full scale quality system audit by the NB?

Answer

Yes. They do need to have a full scale audit. The reason is very simple, a business is a system. When you change the environment, you alter that system. A full audit will be an adequate representation of the scope and magnitude of the change, and will indicate if this supplier is still a reliable manufacturer. Think about your most recent home move, the family is the same, your belongings are the same; however, everything is different at the same time.

Aura Stewart