Does ISO 9001 Clause 7 Apply to Processes?

Manufacturing, inspection, exclusions

Q: Does clause 7 Product Realization in ISO 9001:2008 Quality management systems–Requirements apply to the design and development of manufacturing processes?

We have four facilities that are ISO 9001 certified under one certificate. One location designs the product, and the other facilities manufacture it. In the “design facility” we follow the requirements of clause 7. In the manufacturing facilities, we currently do not apply clause 7 for the process of developing the manufacturing processes.

A: ISO 9001 clause 7.3 is applicable to the design and development characteristics of a product.

ISO 9001:2008 clause 7.1 (Planning of Product Realization) and its reference to clause 4.1 (General Requirements) is more specific to product planning to ensure that the product quality objectives and the processes/resources are available to produce a product that will meet defined quality requirements as specified during design and development in clause 7.3.

Clause 7.1 requires that the planning process include identification of the inter-related processes (i.e., monitoring, inspection, product quality objectives, testing, records of conformity needed to verify the product requirements have been achieved.

The bottom line:  the product characteristics, quality objectives and inter-related processes must be documented.  If this is not fully achieved in the design and development process (clause 7.3), it must be included in the product planning process (clause 7.1). Please see clause 4.1.

Please keep in mind that your company’s ISO registrar will require evidence of conformity (records/documentation) to verify the requirements of clauses 4.1, 7.1 and 7.3 have been met.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 7.1 Product Realization

Suppliers, supplier management

Q: Our company, certified to ISO 9001:2008 Quality management systems–Requirements, is experiencing quite a bit of supplier non-conformance.

An option we are interested in is to have a set of manufacturing drawings for our suppliers and a set of inspection drawings. Either the manufacturing set would require tighter tolerance than the inspection set, or the inspection set would have looser tolerances than the manufacturing set.

What would the criteria be to introduce this theory into our procedures?

A: I suggest that you consider the point of ISO 9001:2008 Quality management systems–Requirements, clause 7.1, regarding the development of product objectives. Your planned approach is similar to what is intended by this clause.

The organization should set its product requirements during the product planning stage. Product requirements should be based upon design inputs, outputs, verifications and validations. This provides the essential measurements (tolerances) required for the product to function as designed or intended.

The requirements sent to suppliers, or to the shop floor, should be within the design tolerances or criteria, but not necessarily the same. However, in the event that inspection or a supplier identifies/provides a product that is outside the drawing requirements, it would be up to the engineer or the designer to decide if the product still meets the design criteria. If so, the product would be disposition “accept as is” and would still function as planned.

If repetitious non-conformance is encountered and the product is still within the design criteria, then changes to the supplier and inspection criteria should be considered to prevent continued non-conformance. If the non-conformance does not meet the product requirement or the design criteria, corrective action should be taken with the supplier.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 Corrective Action Time Window

Schedule, calendar, timeline

Q: We will be audited by a different firm soon to ISO 9001:2008 Quality management systems–Requirements, and I am noticing differences compared to our former auditors.

At the closing of an annual surveillance audit for a three-year certificate if a non-conformance is issued at the closing meeting, what is the expectation of response for:

1. Minor non-conformances

2. Major non-conformances

How many days are expected for the initial response for each?

How many times during the next 12 months should we expect the auditor to come back to the site to verify corrective action for each?

A: Regarding your question about response times for corrective actions, please note the following.

ISO 9001:2008 clause 8.2, Internal audits, does not specify or prescribe any time limits. ISO 9001:2008, clause 8.2.2, only requires the management for the responsible area (process owner) to take corrective action without undue delay. No time limit is identified.

With regard to audit follow up visits — this is strictly dependent upon the registrar or other auditing body. Some auditing bodies will follow up on closed CARs during their next scheduled surveillance audit. This allows enough time to past to evaluate the effectiveness of the corrective action taken.

In most cases, the auditee is required to complete the CAR identifying the root cause and the corrective actions taken to prevent a reoccurrence.

This information is assessed by the auditing body to confirm that a root cause was identified and that action taken match the root cause. This is normally done in the form of a desk review.

Due to the costs involved and other logistics, rarely will any auditing body want to come out to verify each corrective action taken. This is usually something for the internal audit staff to perform as a part of their audit activities.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 Implementation Guidance

The effect of ISO 9000 certification on financial perfomance

Q: I am directing a ground floor implementation effort to become certified to the ISO 9001:2008 Quality management systems–Requirements. I work for a small manufacturing company (less than 20 employees). Is there a quality management system (QMS) or ISO template product that I could use to help guide this process? Something with generic formats and outlines that I could customize and populate with our information. Or do I need to create from scratch all QMS and ISO supporting documents?  In practice, we currently have no documentation. I have ordered some resources from ASQ (see below). Is this a good start or can you recommend some other resources?

A: Please navigate these waters carefully.  There are several “do it yourself” type packages out there. Unfortunately, many of them don’t go far enough to provide a functional system unless the end user already has a thorough working knowledge of quality management systems (QMS). Therefore, as a quality professional, I hesitate to recommend this approach.

In order to establish an ISO 9001:2008 QMS capable of obtaining third-party certification, you will need to prepare a quality manual, a quality policy, define your organizations quality objectives, develop the six required QMS procedures, which as a minimum include:

1.    Control of documents
2.    Control of records
3.    Control of nonconforming product
4.    Internal audits
5.    Corrective actions
6.    Preventive actions

The reference books that you have already ordered from ASQ should contain some examples of the documents mentioned.  Once these QMS documents are established, you will need to orientate the organization to the requirements of the QMS, explain how each employee contributes to achieving the quality objectives, and ensure that the quality policy is communicated throughout the organization and is understood.  An internal audit will also be required to assess the effectiveness of the QMS once it has been implemented.

A management review will be required to ensure that top management is aware of input items mentioned in ISO 9001:2008, clause 5.6.2 and that they take action as needed to ensure the effectiveness and continual improvement of the QMS. These items should be completed prior to scheduling your registrar’s onsite pre-assessment for certification.  We wish you every success with your QMS project.  Please contact us if you would like to discuss this matter in more detail or require any support.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Merging With a Non-ISO 9001 Certified Organization

Reporting, best practices, non-compliance reporting

Q: My federal agency is comprised of many different internal organizations. We have a scenario where a recently certified organization to the ISO 9001:2008 Quality management systems–Requirements is planned to be merged with a non-certified organization that has no type of management system. The certified organization’s certification runs for three years but it will be more closely integrated with the non-certified organizations. Will the merger affect the certified organization’s certification? Do you have any insights on how these types of occurrences typically affect the management system itself when an organization that is certified for 100% of its operations now becomes 50% of a larger organization? It’s quite likely that the certified organization’s name will change at least in part.

A: With regard to your question, if company “A” is already ISO 9001:2008 certified and is now being merged with a non-certified company here’s what should be considered.  First, the current ISO certification is only applicable to company “A” as defined in the scope of the quality manual as well as on the ISO 9001 certification issued by the ISO registrar.

Your ISO registrar needs to be immediately informed of changes effecting the company name, top management and/or processes.  The registrar may very likely require the newly merged companies to be reevaluated for ISO certification and listed under one ISO certification.

Most ISO registrars will not issue ISO certification for just a portion of a company.  All processes that comprise the quality system must be identified and included as a part of the QMS unless specific exclusion is stated in the quality manual as permitted by ISO 9001.  The management representative will need to ensure that top management is aware of how this merge may affect the current QMS so effective actions can be taken to bring company “B” in line with the established QMS procedures and other ISO requirements.  I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Value of CQA Certification in Aerospace Auditing

 

Q: What groups recognize the ASQ Certified Quality Auditor (CQA) Certification? The CQA is not enough to conduct an  internal audit to AS9100:2009 Revision C Quality management systems—Requirements for aviation, space and defense organizations, and I am not trained in AS9100C.

Why become a Certified Quality Auditor (CQA)?

A: Thank you for contacting ASQ Ask the Experts. The ASQ CQA is recognized by companies, industries and organizations worldwide as evidence of an individual that has demonstrated their ability to meet established criteria for quality management system auditing.

AS9100C contains requirements that are specific to the aerospace industry and  exceed the ASQ CQA requirements.

Having an ASQ CQA would be a good start toward obtaining an AS9100C auditor certification.  However, keep in mind that although first party internal auditors should be trained as auditors, rarely would they be required to be certified for the purpose of conducting internal (first party) audits.  I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com