IATF 16949:2016 Transition Q & A from IAOB

Welding robots movement in a car factory

Cherie Reiche, program manager for International Automotive Oversight Bureau (IAOB) recently presented at Eagle Certification Group’s June Boot Camp to discuss progress of the IATF 16949 transition and the unique intent behind some of the new requirements.   While no FAQs or SIs have yet been published for IATF 16949:2016, Cherie shared some of the common questions that IAOB and IATF members have received for interpretation and clarification from Certification Body automotive auditors.

Must both ISO 9001:2015 and IATF 16949:2016 be used when conducting audits?
Answer:  Yes, as it states in the IATF 16949 Foreword – Automotive QMS Standard, IATF 16949 is not a stand-alone standard, it must be used in conjunction with ISO 9001:2015.

Will the IATF be granting waivers for those organizations who cannot meet the transition plan timing?
Answer:  No, there are no plans to approve/grant waivers.  If the organization does not complete their transition audit in a timely manner (including allowing time for Non Conformance management and CB certification decision), then the organization will lose their certification.  ISO/TS 16949 certificates are not valid past their expiry or September 14, 2018.

Is IATF 16949, Section 4.4.1.2 related to product safety during manufacturing or final customer product safety concerns?
Answer:  4.4.1.2 was created to address final customer safety concerns (braking systems, airbags, fuel systems, etc.).  If the product (or process) is a safety item on the final product, then the organization has to identify the statutory and regulatory product safety requirements that must be met, along with items a) through m) in 4.4.1.2.  This is one of IATF 16949’s required documented processes, so inputs/outputs, metrics, etc. are required.

Can an organization demonstrate competence only through degrees and certifications for their employees?
Answer:  No, there are multiple ways for an organization to identify training needs and achieving the necessary competence for their personnel.  It is up to the organization to define (and document) training needs, including awareness, and competency requirements for all personnel performing activities that impact conformity to product and process requirements.

What about competency for internal auditors and second party auditors?  Do they all have to take an IATF-sanctioned lead auditor training course?
Answer:  No.  Organizations are responsible for ensuring key personnel, including their auditors, are properly trained and competent.  The IATF supports the use of IATF-recognized training providers; however, the IATF does NOT mandate the use of a lead auditor training course for all auditors in the organization.  Organizations are still allowed to have key personnel trained and certified as lead auditors, and then use those key personnel to train-the-trainer to disseminate the information throughout the organization.

If an organization is not design responsible for the software used in their product, does 8.3.2.3 (embedded software) apply?
Answer:  Section 8.3.2.3 refers to internally developed embedded software, not “functional test” software to see if a widget works (or not) during production.  For those organizations that are design responsible for the software used in their product, they must use a software development assessment methodology to assess their own software development process.  Annex B contains suggested Software Process Assessments such as CMMI or SPICE.

What is the goal of 8.4.2.3?  Do all organizations supplying automotive product have to be IATF 16949 certified?
Answer:  The ultimate objective is to have IATF 16949 certification; however, the IATF recognizes that for various reasons, that is not feasible for all organizations.  At a minimum, the expectation is for organizations to be certified to ISO 9001:2015, unless otherwise authorized by the organization’s customers.  Items a) through e) are a cadence which is applicable to the entire automotive supply base.

How are 8.3.2.3 and 8.4.2.3.1 different?
Answer:  8.3.2.3 refers to the organization itself and their internally developed embedded software. 8.4.2.3.1 refers to the organization’s suppliers of automotive product related software.  The organization needs to ensure that their suppliers of automotive product related software implement and maintain a process for software quality assurance for their products.

SimpleQuE will be sharing more information from IAOB and other Eagle Boot Camp sessions in future posts and on social media.  Follow us on Facebook, LinkedIn and Twitter for the latest quality and certification news.

Sign Up For Our Newsletter

World Accreditation Day 2017

HILVERSUM, NETHERLANDS - FEBRUARY 06, 2014: Social media are trending and both business as consumer are using it for information sharing and networking.This year, the theme is “delivering confidence in construction and the built environment.” Construction companies and distributors are impacted by advances in manufacturing technologies, construction techniques, and rapid urbanization. Risk mitigation in construction is critical as structural failures, natural disasters, and material quality are all factors to be considered. Accreditation standards allow for companies to prepare for and assess how to mitigate all potential risks in the built environment.

As a result, accreditation is essential to providing assurance that construction projects are safe, secure, and sustainable. Accreditation does this through systems that help increase efficiency, manage risk, and determine compliance with regulations. Some of the management standards that pertain to construction as well as to a wide variety of industries are: ISO 9001 – for quality management systems; ISO 14001 – for environmental management and; OHSAS 18001 – for occupational health and safety.

In coordination with World Accreditation Day, events, media coverage, and workshops will occur in more than 100 countries globally to bring attention to the impact of accreditation. Ultimately, accreditation can be thought of as a common language used to examine and discuss issues related to environmental, safety and quality management.

SimpleQuE assists organizations with implementation, improvement or transition of these standards by providing customized consulting, training and internal auditing services and solutions. Contact us for more information.

 

#WAD2017

SimpleQuE shares an important AS9100:2016 transition timeline reminder from IAQG

SQ_Infographic_AS9100Timeline Revised for Sept release

“The IAQG Other Party Management Team (OPMT) would like to remind all certificated organizations that there are two key target dates within the “International Aerospace Quality Group (IAQG) Other Party Management Team (OPMT) Supplemental Rule 003 – Rules for 9100/9110/9120:2016 and 9101:2016 Transition” document that were established in order to ensure that a certified organization transition occurs prior to the 15 September 2018 end date.

The first key target has now passed. In accordance with SR003; “10.a By March 1, 2017 AQMS certified organizations shall communicate with their CB to establish an intended date for 9100/9110/9120:2016 AQMS standard transition readiness.”  We greatly appreciate the efforts that certificated organizations have taken to meet this requirement and would like to remind those that have not yet made transition plans; there is an elevated risk of not meeting the 2018 end date if you have not established and communicated the aforementioned date to your CB.

The second key target date in SR003 is 15 June 2017. In accordance with SR003; 9.g No initial, surveillance or recertification audits shall be started to the previous versions of the AQMS standards after June 15, 2017.” We must ensure that transition has a start date or Certification Bodies may face auditor resource issues in 2018 as the transition end date approaches.”

SimpleQuE is an ISO 9001:2015 certified company that provides ISO, AS and IATF consulting services from quality experts to assist organizations in successfully meeting transition targets. Contact us for more information.  IAQG also provides AS9100 D transition support materials.

Risk Management for Aerospace and Defense Industries

Aerospace transport and people. Two pilots dressed in uniform flying jet airliner on sunny day sitting inside aircraft cockpit surrounded by equipment. Selective focus on captain's hand on power lever

In a business environment failure and negative consequences are the last things anyone wants to encounter.  But the reality is that risk is always present and comes from multiple sources, whether from inside the organization or from external elements. Due to the complexity of aviation, space, and defense processes, products, and services, and the severity of the potential consequences of failures, a formal process to manage operational risks is required.

The exercise of risk management is how a company proactively applies quality standards to keep a lid on risk as much as possible from creating negative ramifications in the supply chain or to production or scheduling, etc. While to some it can seem like bureaucracy or unnecessary controls, risk management pays for itself many times over with the cost avoidance it helps secure. All it takes is one bad event to see why risk management is so important, that’s assuming the company survives that event.

The elements of risk management are clear and straightforward as well. It’s an ongoing, cyclical process of identifying risks, assessing them, proactively reducing their probability of occurring by control, and mitigating those that are allowable. But just following the process alone doesn’t explain why a business should have a risk management process in the first place.

In AS9100 the operational risk management process is supported by specific requirements throughout clause 8, to drive an enhanced focus on:

  • understanding risk impacts on operational processes; and
  • making decisions on operational processes and actions to manage (e.g., prevent, mitigate, control) potential undesired effects.

Within aviation, aerospace, and defense, risk is expressed as a combination of severity and likelihood of having a potential negative impact to processes, products, services, customer, or end users. In AS9100, operational risk management must include how the company defines their risk assessment criteria (e.g., likelihood, consequences, risk acceptance), and ultimately acceptance of risks remaining after implementation of any mitigating actions. Something as simple as the example below may be the simplest way to quantify risks. More detail could be utilized with scoring.

table

The standard requires an aerospace quality management system that takes into account the identification of various risks related to organizational circumstances in regard to its needs, business objectives, product range, applied processes and the size of the organization.  Given the fact that risk can trigger catastrophic results when unmanaged, every aerospace process must have the ability to reduce the occurrences and impacts of unacceptable risks, if not eliminate them entirely. And a risk management process is the only consistent way to assess risks and quantify when they are acceptable risks or when action is required.

Benefits to companies that incorporate risk management through ISO and AS quality standards include:

  • An increased probability of meeting schedules, budgets and production objectives
  • The means of making management proactive instead of reactive to risk issues
  • An increased awareness across the organization to recognize and mitigate risk
  • Reduced warranty and field complaints
  • Reduced supply chain risks
  • An increased ability to successfully plan, manage and implement changes (whether customer, supplier or self-initiated)
  • An increased ability to comply with laws, regulations, and customer requirements
  • An enhanced capability to track financial expenditures to poor results, and
  • Improved relations with stakeholders who see the results of quality and risk management in place

Look Fors – Part 3: Planning for Risk and Change

A pen and a magnifying glass focusing on a chart.

Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?

016_1469JimFLOffice 1What are 3rd party auditors looking for?  This is the third of a three part series by Jim Lee, President of simpleQuE

Clause 6 of ISO 9001:2015 – Planning for Risk and Change
In parts one and two of this series of articles, Context of the Organization and Leadership were covered. Next is the topic of Planning for Risk, which brings risk-based thinking to the forefront. Once the organization has identified the risks and opportunities in Clause 4, it needs to stipulate how to address these.  The planning phase examines who, what, how and when risks must be addressed.  It’s a proactive approach that replaces preventative action and hopefully reduces the need for corrective actions later on.

Particular focus is also placed on the objectives of the management system.  These should be consistent with the quality policy and be measurable, monitored, communicated and updated when needed.  Changes to the QMS should also be planned and consequences understood to assess risk and minimize potential negative impact.

 

Third party auditors may use the following for evidence of risk based thinking and integration into the quality management system:

  • Design reviews
  • Competitive analysis, benchmarking, recall analysis, competitive testing
  • Process control plan, internally tighter tolerances and controls than customer specs
  • Management reviews
  • Process and design FMEA (Failure Mode and Effects Analysis)
  • Corrective Actions, and replicating actions across similar products and processes
  • Metrics related to objective in management review
  • Customer scorecards, dissatisfaction, trends and performance
  • Operational meeting minutes with action items for higher risks
  • Change in leadership or new programs
  • Processes to deal with new technology, new materials, new processes, new products, new suppliers, new packaging, moving production, changing equipment
  • Program plan describing and monitoring change
  • Equipment maintenance plans and programs
  • Calibration frequencies
  • Internal audit frequencies, and the need to audit some areas more than others
  • Contingency plans
  • Strategic or business planning, SWOT (Strength, Weaknesses, Opportunity, Threats) analysis, PEST (Political, Economic, Social and Technological) analysis, etc.
  • Approval for capital, along with the justification and risks to invest now or delay to later
  • Supply chain risk management with supplier performance, financial stability, sole sourcing, geography with lead times and inventory in transit, leverage, long term agreements, etc.

 

Not that all of the elements listed above will be needed, but organizations may experience potential issues if:

  • Risks and opportunities are not identified when there is clear evidence of problems or need for action
  • Risk-based thinking is not driven by leadership
  • Actions to address risks and opportunities are not taken or not effective
  • Risk evaluation is not applied throughout the QMS (supplier selection and evaluation, new product or service, short lead time, capacity constraints, etc.)
  • Measurable objectives are not established
  • Objectives are not monitored or changed as the context of the organization changes
  • Action is not taken when objectives are not met, or trends are going the wrong direction
  • The impact of change is not identified or magnitude of change not understood
  • Costs/schedule are not included in defining change

Also, read more about Context of the Organization in Part 1 and Leadership in Part 2.

 

 

Source:  NQA’s Teaming Conference – August 2017

5 Steps To Manage Your Environmental Impact And Boost Growth

hand holding signs of different green sources of energy in hexahedron shape a 'reduce reuse recycle' sign in the centre. Blurred green background. Concept of clean environment.

Twenty years ago small businesses focused on one thing: how to make profits. Today, environmental impact is turning out to be just as important as meeting the bottom line. Here’s how to manage it for growth:

  • Incorporate planning – the very first place to start with addressing environmental impact and risks is to include them in strategic planning at every level. Because ISO 14001 is the cornerstone of environmental standards for a business, planning is essential. If the matter isn’t addressed to begin with from the top down, one of two things occur: 1) no one internally treats the matter as a priority, and 2) responses that do occur end up being ad hoc and disparate, which often incurs more costs than expected.
  • Anticipate that not everyone will be happy at first – getting environmentally focused is still a politically-charged approach. Education is probably the best response, even though it may require a bit more effort. At the end of the day, however, socially-conscious businesses sometimes have to stake out a claim. Choose wisely and then stay the course.
  • Embrace leadership – businesses that really break out and become the major players using ISO 14001 as their environmental management system are not necessarily the biggest in their industry. Smart businesses are out ahead looking for these leadership opportunities to craft their own path and market niche before anyone else.
  • Use size to an advantage – Being a small business comes with a lot of advantages in terms of flexibility and speed for adjusting to changes. Rather than a big bureaucracy involved in shutting down an assembly line, small business can test the waters far more rapidly and frequently with new ideas in environmental impact and that’s a huge competitive advantage when used effectively.
  • Don’t throw out the baby with the bath water – Every new change should have a thorough cost-benefit analysis. There are plenty of existing quality management procedures that align with ISO 14001, including ISO 9001 and IATF 16949.

SimpleQuE offers customized consulting solutions for all sizes of Aerospace, Automotive, Laboratory, Manufacturing and Service organizations. When it comes to environmental impact and responsibility, ISO 14001 certification makes good business sense for businesses small and large, across all industries.

ISO 9001 Myths and Their Reality

Artboard 2

ISO 9001 is the world’s most used management system standard, existing for almost 30 years, it tends to fall into the gap where many people have heard about it, but not many fully understand what the standard involves. As a result, there are common myths about ISO 9001 that simpleQuE can help to clarify.

Is it complicated and difficult to implement?
In most cases, no. SimpleQuE was one of the first consulting companies in the world to become ISO 9001:2015 certified, so we know what it takes to transition to the new standard. It is possible to simplify ISO implementation, transition, training and maintenance, by integrating simple solutions that fit into your company’s culture.  This can be done with a gap audit checklist to identify where you’re already in compliance and more effectively target only those areas that need work.

Isn’t ISO 9001 an outdated model?
While it is true that ISO 9001 has been around since 1987, it has evolved through several revisions to match the changing needs of business. Today there is instant access to information, higher expectations from customers, more complex supply chains and a globally competitive economy.  ISO 9001:2015 takes all of these factors into account.

Isn’t ISO 9001 a standard that only benefits big corporations?
This is not the case. ISO 9001 is intended to be a set of requirements that can be used by any company, of any size, in any industry. The requirements are written as a set of best practices needed to control all the processes of a business system – no matter what the company does. The standard is designed to be flexible; the focus is on improving quality and customer satisfaction, which every organization can benefit from including:

  • More efficient use of resources and improved financial performance,
  • Improved risk management and protection of people and the environment, and
  • Increased capability to deliver consistent and improved services and products, thereby increasing value to customers and all other stakeholders.

Will everything have to be monitored and measured?
Processes do have to be monitored and measured to ensure that they are performing as designed, however, the standard allows a company to consider the impact that a process has on product/service conformity and the effectiveness of the Quality Management System (QMS) when determining what to monitor or measure and the method to be adopted.  A good QMS will help with monitoring performance and driving improvement.

Is ISO 9001 is the sole responsibility of the quality manager or department?
This couldn’t be farther from the truth, since the requirements cover every aspect of the business – from planning through delivery and post-delivery of your product or service.

Doesn’t ISO 9001 cost a lot to implement?
The question of cost will depend on the size and complexity of the organization and the competency of the personnel. Basic implementation pricing should be competitive and reasonable, depending if the work is done internally or through an external consulting service. The overall outcome of these activities should be to reduce costs through improvements and increase revenues through satisfied customers. Your return on investment should be well above the costs. Note that ISO certification is a separate additional cost.

SimpleQue can customize consulting for your organization and provide simple solutions while clearing up any misconceptions about ISO 9001 and how it can benefit your organization. Contact us today to find out more information and how simpleQue can help!

Look Fors – Part 2: Leadership

Stock quotes price charts and a magnifying glass with stock price in detail.

Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015? 

What are 3rd party auditors looking for?  This is the second of a three part series by Jim Lee, President of simpleQuE

Clause 5 of ISO 9001:2015 – Leadership

Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.

With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS.  Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business.  3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.

  • Established and communicated quality policy, objectives, strategic direction, and performance
  • Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
  • Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
  • Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
  • Promotion of risk based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc. as a very few of the many possible ways to demonstrate this.
  • Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
  • Customer satisfaction and perception
  • Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
  • Evidence of continued improvement , which denotes that performance is monitored and tracked with trends
  • The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.

Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:

  • Identify process owners
  • Use metrics to monitor performance of the QMS
  • Include performance metrics in the Management Review
  • Develop action plans when performance goals are not met
  • Develop customer communication processes
  • Respond to customer complaints
  • Consider results of customer feedback/surveys and take appropriate actions
  • Identify internal customer requirements
  • Make improvement part of the quality policy
  • Align roles and responsibilities with processes
  • Contingency and emergency roles and responsibilities not defined
  • Have appropriate training and awareness of the ISO 9001:2015 requirements

Coming soon – Part 3 and what auditors are looking for in regard to Risk.  Also, read more about Context of the Organization in Part 1.

Source:  NQA’s Teaming Conference – August 2017

SimpleQuE’s IATF 16949 Gap Audit Checklist is Now Available!

Innovation concept. Businessman throw a paper plane symbolizing acceleration and innovation.

The automotive quality standard has come a long way since its first inception in 1994.  With the new standard and more than 200 changes, simpleQuE recognized the need for an IATF Gap Audit Checklist to assist companies with the transition. The checklist includes the new automotive requirements (IATF 16949:2016 and ISO 9001:2015) and is intended to be used as a tool to identify both compliance with the new requirements and the differences between ISO/TS 16949:2009 and the new requirements.

The utilization of this checklist, when populated with objective evidence of compliance and non-compliance, will satisfactorily demonstrate you have audited the differences between ISO/TS 16949 standard and the new requirements.  It should be used with your certification body as evidence of internal audits to the new IATF 16949 and ISO 9001:2015 requirements.  It’s one of the methods simpleQuE auditors and consultants use with our own clients.

A free half hour of phone or email consulting with a simpleQuE expert is included with the checklist for the purchase price of $300.

The simpleQuE team wishes you a smooth and simple transition!