Nonconformance Disposition

Chart, graph, sampling, plan, calculation, z1.4

Question

Should the person writing a non-conformance also be the person who dispositions the same non-conformance?

Answers

From John Surak:

This question is interesting.  In addition, there may be a lack of information to properly answer the question.  There is nothing in ISO 9001:2015 that prohibits the person who wrote the non-conformance from ensuring that non-conformance is addressed in an effective manner.  However, several questions remain.  Why did an individual write a non-conformance on one’s self?  Why did the person just take actions to eliminate the non-conformance without having to implement a correction or corrective action process?  This issue would be an interesting discussion during an audit, and it may lead to an audit trail that discusses leadership and commitment.

John G. Surak, PhD

From George Hummel:

This answer depends upon how you define “dispositions.”  If you mean take the corrective action, then no.  If you mean determines the effectiveness and evaluates the results, then yes.

For more on this topic, please visit ASQ’s website.

ISO 9001: 2015 Clause 8.3.4 and Product Design

PLCs, programmable logic controllers

Question

My company is implementing ISO 9001:2015 and my question is regarding Clause 8.3.4 d. Our company designs product for only 20% of our customer base. We do not have a validation process. We do send a prototype to the customer to test the part for a period of time to approve the design. In determining the scope of our organization, can we exclude the validation process and still become ISO 9001:2015 certified?

Answers

From John Surak:

This organization is involved in product design.  Therefore, the product design cannot be excluded.  However, the organization needs to review the validation clause.  8.3.4d states the following:   “validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use.”  It should be noted that neither 8.4.3d not the validation refences in ISO 9001 do not prescribe a method on how to conduct validation.  It would appear that the company has some sort of process they use to develop the prototypes.  This process should be codified or documented so that it is done in a consistent manner and in a way to ensure that the customer needs are met.

John G. Surak, PhD

From George Hummel:

Basically, you are outsourcing validation.  Therefore, you need to control that process per 8.4. I would not accept the exclusion. In the future, you may have a customer that requires you to do the validation. However, the final answer would be provided by your certification body.

Click here for more resources about ISO 9001: 2015.

Work Instructions and Audits

Chart, graph, sampling, plan, calculation, z1.4

Question

Regarding ISO 9001: 2008 (or 2015) auditing, I have always been trained that a work instruction when implemented as supporting the QMS can be audited as it is supporting the effectiveness of the QMS. I was recently told by a business owner that not only is that not true, he does not have to show me his work instruction.  I would like to reply with a clear technical response. Can anyone share their view on this?

Answers

Thank you for your question.   Of course you know you’re right.  It sounds like you have a major nonconformance against clause 5.1 on your hands.

Denis Devos
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

ISO 9001:2015 clause 7.5.1b states the following :
The organization’s quality management system shall include: documented information determined by the organization as being necessary for the effectiveness of the quality management system/

 Documented information includes both procedures and records see appendix A.3 (Documented information). 

 Since the work instructions are supporting the QMS, it is part part of the QMS, and can be audited as part of both the internal audit and external audit.  It appears that part of the confusion may be caused by a lack of understanding of the new term “documented information.”

John G. Surak, PhD
– Providing food safety and quality solutions –
tel: 1-864-506-2190
skype:  john.surak
email: jgsurak@yahoo.com
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

For more on this topic, please visit ASQ’s website.

Transition to ISO 9001: 2015

Reporting, best practices, non-compliance reporting, analysis

Question

We are in the process of reviewing our policies and procedures to be compliant with the ISO 9001: 2015 standard. When converting from ISO 9001: 2008 to ISO 9001: 2015, how should the version control be handled? Should we start at 0 again or move on to the next number?

Answer

I would recommend that the site does not re-number the revisions to zero.  The revision number should be used only for new procedures.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

For more on this topic, please visit ASQ’s website.

ISO Certification and Suppliers

Mr. Pareto Head and Supply Chain comic strip

Question

I work for a small family company that purchases items and potentially processes or packages them into heat protection materials. One of my existing customers is asking for ISO certification for some materials that I will sell to them. The material I’m trying to sell him comes from my supplier who is ISO 9001 certified, but my company is not. How can I show my customer that my supplier is ISO certified without the customer knowing who my supplier is?

Answers

The company is doing a value added process, and not a distributor.  As a result, if the customer is demanding ISO 9001 certification from the company, they need to make the decision, do they want to do business with the company? If so they need to pursue certification. If they do not want to pursue certification, they should tell the customer they do not want to pursue certification.  The customer can make the decision whether they will purchase product from the company.  I have had an experience where I did not want to do an audit with a company.  We told the customer, we will not do it.  The customer responded and came back with a reasonable proposal.  They wanted the business.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
www.stratecon-intl.com/jsurak.html

First, ISO certification is for a company’s quality management system, not for particular materials.  I would let the customer know, on company letter head, that:  “We certify that the materials we purchased are from ISO 9001 certified suppliers only.  The name of these suppliers is company confidential.”

James D. Werner
Principal Consultant
MDQC
Medical Device Quality Compliance, LLC

For more on this topic, please visit ASQ’s website.

FDA Regulation for Food and Beverage Labels

Inspection, FDA, Packaging, Requirements

Question
I have been asked to do a quality audit of a label manufacturer whose products are used on beverages and food packaging. They are currently asking to be audited using 21CFR211 (pharmaceuticals). Is there another standard that is more appropriate for their product?

Answer
21CFR211 is the FDA regulation for cGMP for finished pharmaceuticals. This regulation does not apply to the labeling of food and beverages. The proper FDA regulation is 21CFR101. I suggest that you first start on the FDA web page on food labeling and nutrition.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
www.stratecon-intl.com/jsurak.html

For more on this topic, please visit ASQ’s website.

Integrating ISO 22000, ISO 14001

Food safety testing, lab, standards

Q: In a food manufacturing company, with certifications to ISO 22000:2005 Food safety management systems — Requirements for any organization in the food chain as well as ISO 14001-2004: Environmental management systems – Requirements with guidance for use, the certification to ISO 22000 allows the company to operate with exemption from the Food Act. The exemption from Food Act determines that the organization has a permit to use its physical premises to indulge in industrial activity involving consumable food products.

Now, this permit is issued with certain conditions — e.g., regular updates to the issuing authority regarding changes to to the food safety plan. We view this requirement as a legal requirement.

My question is, would we use the legal register developed as part of ISO 14000 as the tool to manage the compliance to the above legal requirements? Doubt arises because the legal requirement addresses a condition imposed by the food safety system, but at the same time, if it is not complied with we could lose our license to operate (which I could interpret as an environmental aspect…license to exist).

Could someone kindly advise what they would consider to be a logical option?

Response from Susan Briggs:

A: I am not a food safety expert, so I  cannot give an opinion on whether or not using a register/process established for environmental regulations can be used for tracking food safety regulatory requirements.  But from the ISO 14001 perspective, and my professional opinion, the answer is “of course!.”

The intent of management system standards  — certainly all of the ones I have worked with– is to integrate the processes that are required by a standard (whether it be ISO 14001, ISO 22000, etc.) into the company’s business management process (i.e., a single process that is used to track all of the company’s legal obligations…environment, safety, finance, food safety, etc.), not to create stove piped processes (i.e., separate processes/systems for tracking depending on the nature of the regulation).

Susan Briggs
Director of Environment, Health and Safety, Textron Systems
Wilmington, MA
Chair, U.S. TAG to ISO/TC 207 on Environmental Management Systems

Response from John Surak:

A: I am not sure what is meant by the term “exemption from the Food Act.”  ISO 22000 requires that the organization meet all of the legal requirements of the country  in which the site is located.  In addition, if the organization is exporting food, they must meet all of the legal requirements of the target company.  ISO 22000 was developed to be compatible with the other ISO management system standards.  Therefore, it is fully permissible to develop an integrated management system as long as the management system meets the requirements of each standard and regulatory requirements.  I personally support the development of an integrated management system.  Sue conveyed this thought very well in her response.

Just one additional note, if the organization’s customers expect that the organization has a food safety management system that meets the requirements of Global Food Safety Initiative (GFSI), then the organization should seek registration to FSSC 22000 rather than ISO 22000.  FSSC 22000 is a food safety audit scheme that utilizes ISO 22000 and ISO 22002-1.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

For more on this topic, please visit ASQ’s website.