Once again, the IAQGs AS9100 standard has undergone a new revision. The latest version of this standard adds requirements for product safety, counterfeit parts, formal processes for operational risks, awareness, and ethics and human factors. Read more about the journey this pivotal standard has taken over the years.
Don’t forget, June 15, 2018 is the final transition audit deadline for the new AS9100 standard. Learn more by viewing our transition timeline.
Cherie Reiche, program manager for International Automotive Oversight Bureau (IAOB) recently presented at Eagle Certification Group’s June Boot Camp to discuss progress of the IATF 16949 transition and the unique intent behind some of the new requirements. While no FAQs or SIs have yet been published for IATF 16949:2016, Cherie shared some of the common questions that IAOB and IATF members have received for interpretation and clarification from Certification Body automotive auditors.
Must both ISO 9001:2015 and IATF 16949:2016 be used when conducting audits?
Answer: Yes, as it states in the IATF 16949 Foreword – Automotive QMS Standard, IATF 16949 is not a stand-alone standard, it must be used in conjunction with ISO 9001:2015.
Will the IATF be granting waivers for those organizations who cannot meet the transition plan timing?
Answer: No, there are no plans to approve/grant waivers. If the organization does not complete their transition audit in a timely manner (including allowing time for Non Conformance management and CB certification decision), then the organization will lose their certification. IATF 16949 certificates are not valid past their expiry or September 14, 2018.
Is IATF 16949, Section 4.4.1.2 related to product safety during manufacturing or final customer product safety concerns?
Answer: 4.4.1.2 was created to address final customer safety concerns (braking systems, airbags, fuel systems, etc.). If the product (or process) is a safety item on the final product, then the organization has to identify the statutory and regulatory product safety requirements that must be met, along with items a) through m) in 4.4.1.2. This is one of IATF 16949’s required documented processes, so inputs/outputs, metrics, etc. are required.
Can an organization demonstrate competence only through degrees and certifications for their employees?
Answer: No, there are multiple ways for an organization to identify training needs and achieving the necessary competence for their personnel. It is up to the organization to define (and document) training needs, including awareness, and competency requirements for all personnel performing activities that impact conformity to product and process requirements.
What about competency for internal auditors and second party auditors? Do they all have to take an IATF-sanctioned lead auditor training course?
Answer: No. Organizations are responsible for ensuring key personnel, including their auditors, are properly trained and competent. The IATF supports the use of IATF-recognized training providers; however, the IATF does NOT mandate the use of a lead auditor training course for all auditors in the organization. Organizations are still allowed to have key personnel trained and certified as lead auditors, and then use those key personnel to train-the-trainer to disseminate the information throughout the organization.
If an organization is not design responsible for the software used in their product, does 8.3.2.3 (embedded software) apply?
Answer: Section 8.3.2.3 refers to internally developed embedded software, not “functional test” software to see if a widget works (or not) during production. For those organizations that are design responsible for the software used in their product, they must use a software development assessment methodology to assess their own software development process. Annex B contains suggested Software Process Assessments such as CMMI or SPICE.
What is the goal of 8.4.2.3? Do all organizations supplying automotive product have to be IATF 16949 certified?
Answer: The ultimate objective is to have IATF 16949 certification; however, the IATF recognizes that for various reasons, that is not feasible for all organizations. At a minimum, the expectation is for organizations to be certified to ISO 9001:2015, unless otherwise authorized by the organization’s customers. Items a) through e) are a cadence which is applicable to the entire automotive supply base.
How are 8.3.2.3 and 8.4.2.3.1 different?
Answer: 8.3.2.3 refers to the organization itself and their internally developed embedded software. 8.4.2.3.1 refers to the organization’s suppliers of automotive product related software. The organization needs to ensure that their suppliers of automotive product related software implement and maintain a process for software quality assurance for their products.
SimpleQuE will be sharing more information from IAOB and other Eagle Boot Camp sessions in future posts and on social media. Follow us on Facebook, LinkedIn and Twitter for the latest quality and certification news.
Did you know that this year is the 70th anniversary of ISO standards? Over the years, standards have helped us become more productive, safer, and more efficient. Take a look below at some of the milestones in the growth of ISO.
Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?
What are 3rd party auditors looking for? This is the second of a three part series by Jim Lee, President of simpleQuE
Clause 5 of ISO 9001:2015 – Leadership
Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.
With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS. Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business. 3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
Coming soon – Part 3 and what auditors are looking for in regard to Risk. Also, read more about Context of the Organization in Part 1.
Source: NQA’s Teaming Conference – August 2017
What are 3rd party auditors looking for? This is the first of a three part series by Jim Lee, President of simpleQuE
Clause 4 of Annex SL – Context of the Organization
This is the cornerstone of a management system and the business’ strategic direction. An organization needs to identify internal and external issues that can impact its intended outcomes, as well as all interested parties and their requirements. It needs to document its scope and set the boundaries of the management system to line up with business objectives.
The context doesn’t have to be documented, so 3rd party auditors (as well as internal auditors) will be asking questions of various management members, and looking for these as objective evidence that an organization understands its context and considers all the factors and stakeholders affecting the business. The items listed below don’t have to exist, but if they do, you want to take credit for them in understanding the context. Some items may not by themselves demonstrate an understanding of the context, but combined with multiple examples, can provide the evidence an auditor is looking for.
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
Coming in future articles – what auditors are looking for in regard to Leadership and Risk.
Watching the big game? Here are a few takeaways that apply to any business.
Executive Vice President and Chief Operations Officer Deanne Sparr welcomed Barb with these words, “We’re thrilled to have Barb as part of the simpleQuE team! Her attention to detail and knowledge of certification requirements is exactly the support we are excited to add to our staff and to provide to our clients.”
What is your name? Barbara Dodson.
What is your position and what do you do for simpleQuE? Operations Manager – I’m responsible for client relations and oversight of the performance of audit activities. I am also a lead auditor for ISO 9001.
How long have you worked for simpleQuE? I joined simpleQuE on Oct 31, 2016.
What do you like most about working for simpleQuE? SimpleQuE doesn’t take a one-size-fits-all approach – we understand that each client is unique and has different needs.
What is your greatest accomplishment – work or personal? My greatest personal accomplishment is raising two wonderful children.
When you are not working, where can people find you? Either spending time with my family or relaxing with a good book.
What is your hometown? Canton, OH.
Client satisfaction is pinnacle to your background. What are your client-focused approaches to simpleQuE? I am quick to follow up on any questions and or concerns, I like to pick up the phone and talk to our clients. In this day and age it’s so easy to send off an email, but I have always found that most clients really like to speak to someone personally.
Explain how simpleQuE is different from their competition. Most of our staff and subcontractors have certification body experience which I believe makes a very big difference.
Where is your favorite getaway? I love the beach and one of my favorite vacation spots is Cancun.
How would other people describe you in three words? Ethical, passionate about things that I believe in and caring.
Digitalization, globalization, competition and the speed of technological advances has changed the nature of business. ISO 9001:2015 has been in effect for a full year and it places a heavy emphasis on using “risk-based thinking” for managing quality-related processes. Risk has always been implicit in ISO 9001. But the latest revision asks organizations to make a cultural shift—rather than focusing on isolated problem solving and resolution, they’ll focus on prevention and performance improvement.
The International Organization for Standardisation (ISO) explains it this way:
“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.
Under the new guidelines, risk management serves as the cornerstone of quality management system design. As organizations determine the processes needed for a quality management system, they’re also asked to determine the associated risks and opportunities and to plan and implement appropriate actions to address them.
In the context of ISO, the concept of “risk” relates to the uncertainty in achieving the main objectives of International Standards—namely, to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Risk is the possibility of events or activities preventing an organization from achieving its strategic and operational goals.
This shift in thinking does not replace the standard’s process-oriented approach, but enhances it. While the process is still a critical part of ISO 9001:2015, processes must now be implemented with an acute awareness of risk.
Organizations are asked to identify, analyze and prioritize all potential risks as they undergo building or adapting their existing quality management implementations for updated certification.
Risks can be defined by two parameters—the severity, or seriousness, of the harm, and the probability that the harm will occur. Risks can be assessed based on the likelihood they will occur, the likelihood they can be detected, and potential impact should they occur. From there, risks are evaluated based on their importance (what is acceptable, what is unacceptable?) and actions are planned to address the risks, whether that’s avoiding or eliminating the risk or mitigating it.
Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.
What’s the best way to document risk-based thinking and demonstrate the approach during audits?. Evaluate how you evaluate risks today with the processes you have. Understand how you decide when risks are acceptable or unacceptable. ISO wants to see that you record identified risks when action is required, and the action steps to be taken.
Putting into place the Plan-Do-Check-Act (PDCA) methodology can be a great way to define, implement and control corrective actions and improvements. Companies should Plan what to do and how to do it, Do what was planned, Check that things happened according to plan, and Act on how to improve the next time around.
Companies have two years to make the transition to ISO 9001:2015, as certifications for the 2008 edition will expire after September 2018.
SimpleQuE was one of the first consulting companies to be ISO 9001:2015 certified and we’re ready to assist organizations with transition or implementation. Please visit our website for more information about our services.
Did you know that National Aerospace Week was established in 2010 as an opportunity for the aerospace and defense industry and its supporters to recognize the enormous contributions that the industry makes to America’s economy, competitiveness and national security? Continue reading “Soaring to New Heights”
More than 1 million organizations and companies worldwide understand the benefits of being ISO 9001 certified. Educational institutions are beginning to recognize the importance of established standards and are seeking certification, as well. As we enter the new school year, a these schools have taken the initiative and will start the year as ISO 9001 certified: Oakwood University, Greater Altoona Career and Technology Center, DRS International School, and Wenatchee School District #246. Continue reading “ISO 9001 Certification Changing the Standards for Higher Education”