Relocation Requires Audit?

Employees, Training, Working, Learning, Duties, Tasks, DFSS, Innovation


One of my contract manufacturers who is ISO 9001: 2008 certified, submitted a Supplier Change Notice to relocate their factory to a new site/location. This will trigger many activities including re-qualification, etc. My question is, for their ISO 9001 certificate, do they simply refresh their company location / address in their ISO 9001 certificate with the Notified Body or they actually need to go through a full scale quality system audit by the NB?


Yes. They do need to have a full scale audit. The reason is very simple, a business is a system. When you change the environment, you alter that system. A full audit will be an adequate representation of the scope and magnitude of the change, and will indicate if this supplier is still a reliable manufacturer. Think about your most recent home move, the family is the same, your belongings are the same; however, everything is different at the same time.

Aura Stewart

Here’s more information about ISO 9001.



Customer ISO Status In Jeopardy?

Checklist, Conformity, Go/No Go, Inspection, ISO 9001


My customer wants to get ISO 9001:2015 certified. He refuses to create a first-article, in-process, and final-inspection report. He has a router sheet that has a tiny space for final inspection brief information and the operator’s initials; no inspection data is available.
In his quality manual and processes he addresses “Time Studies” and “Statistical Process Control” but he refuses to record his inspection data because this “complicates and delays” his production. I told him this is a weakness in his QMS but he says it’s not. Will this issue jeopardize his ISO certification?


I would ask how the organization could present objective evidence with the requirements of Clause 8.5.1 including  – ‘shall implement production and service provision under controlled conditions.’

Charles Cianfrani

Find more information about this standard, here.

EHS Procedures and ISO 14001

ISO 14004, Environmental Management System, EMS


Do EHS procedures have to be managed under ISO 9001:2008 if the company is not ISO 14001 certified?


It depends – are the EHS procedures part of the QMS of the organization? If so, yes. Otherwise, no.

Charles Cianfrani

Here’s more information about ISO 14001.


Special Process NCRs During Audit

Welding, Weld, Processes, Automation


Recently one of our business units had an ISO 9001: 2008 audit and during the audit they received a couple NCRs on welding as a special process.
One of the NCRs was “Some welders are not qualified prior to welding on product.”
As a matter of fact, our company has developed its own qualification program based on our needs consisting of the following steps:
– The minimum requirement of at least 2 years or more experience as a welder before starting the job.
– In-class training for weld specifications, blueprint reading, equipment, weld supplies, visual acceptance/rejection criteria and equipment TPM program conducted by our QE.
– Hands-on exam – the result of this test is reviewed by a QE and weld supervisor without performing any bend test, pull test or other types of DT.
– Annual recertification program based on a written exam and weld coupons visual inspection results.

The CB auditor is asking us to send the coupons out to a certified lab for bend testing or having all the welders certified by AWS. Is that required per ISO 9001? As a side note, every time we design and develop a new model we conduct all types of crash tests, FEA and durability testing in design validation phase.


From George Hummel:

I would not accept the auditor’s comments.  He/she is consulting.

From Charles Cianfrani:

No. It appears that the CB auditor is adding requirements. The organization has a process, and if it is effectively implemented that should be satisfactory evidence of conformity.

Clauses 8.4.1 and 8.4.2 in 9001: 2015

Mr. Pareto Head and IT


The insurance company I am temporarily helping on quality is limiting its ISO 9001 certified perimeter to the administration of contracts and claims.
With regard to clauses 8.4.1 and particularly 8.4.2 of ISO 9001:2015, should the other internal entities of the company (i.e., HR, IT, Sales Dept, …) absolutely necessary but outside of the perimeter be considered exactly like external providers – just like a provider of IT, for instance – or should they be considered as internal providers with a limited control of their contribution to the QMS through a simplified SLA? Of course, SLAs will be put in place in order to secure the relationship of these internal entities with the perimeter.

I thank you in advance for your help/interpretation of clauses 8.4.1 and 8.4.2 applied to the case submitted.


Thank you for your question.   Yes, that is an appropriate interpretation, but let me add three comments.

Firstly, recognize that your support functions are captive within your organization and therefore not subject to all of the same conditions that would be imposed on an outside service provider.   For example, you can’t stop doing business with them if you are not happy with their service.  I like your idea for an SLA – keep it simple, but outline your requirements and expectations for their support services.

Secondly, use your process approach (clause 4.4) to define the boundaries of your QMS and how those other external departments interface with you.  This will be helpful in helping your team and others to understand the relationship between your QMS and the rest of the organization.

Thirdly, take advantage of the Context of the Organization analysis (clause 4.1) to further explore those relationships and that will help to determine the level of control you require over those support functions.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951

“Shall Be Determined” in 9001

Certification, ISO 9001


Many of the Quality Management Systems requirements in the ISO 9001: 2015 manual include the verbiage “shall be determined.”  I need to be sure that I understand exactly what this means in this context.  For example, “4.4  QMS and its processes 4.4.1 a)  The inputs required and the outputs expected of the QMS processes are determined.”   Does this mean that there should be process or work instruction written describing this?  Does it mean that there should be documentation showing the development of this information?


Thank you for your question. It might be useful to look at the definition of the word determine. According to the Oxford Dictionary, determine means to “Ascertain or establish exactly by research or calculation.” Merriam-Webster has a similar definition: “to find out about or come to a conclusion about by investigation, reasoning, or calculation.”

Now to your question.  There does not need to be a procedure about how things are determined.  The output, or the determination itself, will serve as evidence that you did it.  But determine things in an honest way.  You and your CB auditor will assess the reasonableness of your determinations based on the context of your organization.  For example, if you are a hospital, and you “determine” that surgeons do not need to wash their hands, you should be subject to a nonconformance for getting that wrong.    In your example, taken from clause 4.4, the best way to do this is to create a flowchart(s) showing a series of process steps and their interactions.  The arrows in and out of each box along with explanatory text, will demonstrate that you have determined the inputs and outputs of each process step.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951

Here’s more information about ISO 9001.

Is Certification Revocable?

Data review, data analysis, data migration


If a company is ISO 9001: 2015 certified, is it revocable?


From Jim Werner:

A company can indeed have its certification revoked. Being certified means the company has established a quality management system that meets the requirements of ISO 9001:2015. The failure of the company to continue to meet those requirements can result in de-certification.

From George Hummel:

Most CBs will revoke a certificate if the client does not answer an audit non-conformance.  Their contract may define other instances.  The questioner should review his or her organization’s contract.

From Charles Cianfrani:

Certified companies receive surveillance audits periodically. If the company fails to maintain compliance with ISO 9001:2015 requirements, eventually (after a series of intermediary steps related to resolution of nonconformity have been unsatisfactorily pursued) their certification can be voided.

Here is more information about ISO 9001: 2015.

Transitioning to ISO 9001: 2015

Analysis, Statistics, Control Charts, Statistical Methods, Audit, Auditing


ISO 2015 has a 3 year implementation period. I recertified in 2014 and need to recertify in 2017. At this point I have a little under one year to transition instead of the 3 years identified. What alternatives are there that I might take advantage of so I have a longer transition period? My 3rd party registrar has been no help.


I would suggest that this individual approach their registrar/auditor and reason with them. I have heard of 3rd party auditors who are willing to help organizations with their transitions in numerous ways, including finding a comfortable way to transition without losing investment made in the current standard.

Second, the requirement to transition over to the new standard is not demanding that people wait until their current certificate runs out.  This company can begin a gradual transition right away. Stretching it over a couple years gives a company plenty of time to ‘learn’ and transition. Therefore, 2017 would be a possible time for a smooth change over to the new standard.

Registrars are our helpers; not some strangers lurking in the dark. They should be approachable and willing to help.

Also ASQ, as well as other sources, offer various forms of transition training and information.  The new standard can seem a bit intimidating at first glance but once thoroughly examined, it is actually more simple in several areas.

Atychiphobia – a persistent fear of failure can lead us to see stumbling blocks ahead of us. You can turn those stumbling blocks into stepping stones with some support from your registrar and a positive attitude.

Bud Salsbury, CQT, CQI

For more information about ISO 9001: 2015, please visit our Learn About Quality page or view these articles about transitioning to ISO 9001: 2015.

ISO 9001:2015 Documented Information Requirements

ISO documentation practices, requirements


I am trying to ascertain if I need to write a Quality Manual to comply with ISO 9001:2015. I see some clauses require ‘documented information’. Do I just address those or the entire document?


Thank you for the question.

To begin with, the new ISO 9001:2015 Standard does not present a requirement for a Quality Manual. Those requirements are now part of Clause 4.3 and 4.4 of the new standard. That information “shall” be maintained as documented information.

You would be wise to 1] Acquire a copy of the 9001:2015 standard if you haven’t already done so. 2] Check in for information explaining the new terminology related to the standard. 3] Consider pursuing the services of a quality consultant for thorough guidance.


Bud Salsbury
ASQ Senior Member, CQT, CQI

ISO 9001: 2015 Tools for Auditors and Risk Based Thinking

Mr. Pareto Head and ISO 9001 audit


In addressing clause 4 of ISO 9001:2015 regarding organization context and interested parties, what type of tool (spreadsheet, diagram, flowchart, etc.) would you recommend to use to simplify the practice and to give a proper understanding for auditors? I understand that risk evaluation (ISO 9001:2015) should be accomplished not only at a high level of establishing and planning objectives, but also at the processes level. If this is right, could an organization use some criteria to select processes to be evaluated?


Thanks for contacting ASQ’s Ask the Experts program.  Regarding your inquiry, your selection of tools such as spreadsheets, diagrams, flowcharts and etc., should be driven by whatever best fits your organization’s context, QMS scope and requirements of interested parties.  However, before proceeding with tool selection to “simplify” practices as mentioned in your inquiry, it is essential that the changes and new requirements of ISO 9001:2015 are fully understood and communicated throughout the organization.  As you know, transitioning from ISO 9001:2008 to ISO 9001:2015 will require much more than providing understanding to Auditors.  The transition process should begin with top management and then flow down to the process owners and others throughout the organization.  If a gap analysis hasn’t already been completed, consider doing so to identify those processes that must be improved to meet ISO 9001:2015 certification requirements.

As you know, risk based thinking (RBT) must be a part of every organization’s process approach, to ensure risks and opportunities are identified and addressed. Although RBT is not new, it is a changed approach. ISO 9001:2015 supports the scalability of quality management systems which allows them to be specific to an organization’s processes, products, and services. The landscape of today’s quality management systems has changed. It’s not a “one size fits all” situation. For this reason, it’s essential for top management, process owners as well as the QMS Auditors to develop a thorough understanding of ISO 9001:2015 and its requirements. Also of equal importance is the familiarization of top management, process owners, and Auditors with the principles of risk assessment, management and related terminologies (i.e., ISO 31000:2009).

The effectiveness of future QMS audits will depend upon Auditors that can apply their collective knowledge of ISO 9001:2015, risk assessment, and management requirements, as well as their in-depth knowledge of the industries, processes, products, and systems audited. Exemplar Global and other accredited ISO 17024 personnel certification bodies have developed online training courses for the purpose of explaining the requirements of ISO 9001:2015. Other information about transitioning to ISO 9001:2015 is available on the International Accreditation Forum’s (IAF) website at  Click this link to read about the recent publication of ISO 9001:2015

About the second part of your inquiry (item b.), it’s important to be aware that RBT applies to every process that comprises your organization’s quality management system.  RBT should be integrated into your organization’s QMS and product planning processes to ensure risks and opportunities are identified and addressed.

A few key questions to consider include, how will your Registrar verify your organization’s conformance with ISO 9001:2015 requirements?  What is your Registrar’s timeline for transitioning existing clients to ISO 9001:2015 requirements?  What type of support will be provided to assist clients through the transition process?

I hope this helps.

Best regards,


Bill Aston, Managing Director
Aston Technical Consulting Services, LLC
Kingwood, TX 77339
Office: (281) 359-ATCS (2827)