Did you know that this year is the 70th anniversary of ISO standards? Over the years, standards have helped us become more productive, safer, and more efficient. Take a look below at some of the milestones in the growth of ISO.
Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?
What are 3rd party auditors looking for? This is the second of a three part series by Jim Lee, President of simpleQuE
Clause 5 of ISO 9001:2015 – Leadership
Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.
With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS. Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business. 3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.
- Established and communicated quality policy, objectives, strategic direction, and performance
- Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
- Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
- Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
- Promotion of risk based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc. as a very few of the many possible ways to demonstrate this.
- Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
- Customer satisfaction and perception
- Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
- Evidence of continued improvement , which denotes that performance is monitored and tracked with trends
- The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
- Identify process owners
- Use metrics to monitor performance of the QMS
- Include performance metrics in the Management Review
- Develop action plans when performance goals are not met
- Develop customer communication processes
- Respond to customer complaints
- Consider results of customer feedback/surveys and take appropriate actions
- Identify internal customer requirements
- Make improvement part of the quality policy
- Align roles and responsibilities with processes
- Contingency and emergency roles and responsibilities not defined
- Have appropriate training and awareness of the ISO 9001:2015 requirements
Coming soon – Part 3 and what auditors are looking for in regard to Risk. Also, read more about Context of the Organization in Part 1.
Source: NQA’s Teaming Conference – August 2017
What are 3rd party auditors looking for? This is the first of a three part series by Jim Lee, President of simpleQuE
Clause 4 of Annex SL – Context of the Organization
This is the cornerstone of a management system and the business’ strategic direction. An organization needs to identify internal and external issues that can impact its intended outcomes, as well as all interested parties and their requirements. It needs to document its scope and set the boundaries of the management system to line up with business objectives.
The context doesn’t have to be documented, so 3rd party auditors (as well as internal auditors) will be asking questions of various management members, and looking for these as objective evidence that an organization understands its context and considers all the factors and stakeholders affecting the business. The items listed below don’t have to exist, but if they do, you want to take credit for them in understanding the context. Some items may not by themselves demonstrate an understanding of the context, but combined with multiple examples, can provide the evidence an auditor is looking for.
- Business plan
- Strategic plan
- SWOT analysis (Strengths Weaknesses Opportunities Threats)
- Vision and mission statement
- Process mapping
- External parties identified
- Lesson learned
- Internal meeting minutes to determine company goal setting
- Metrics to measure effectiveness of QMS
- Process turtle diagrams
- Process flow plans
- Quality manual
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
- Identify or understand their primary competitors
- Mention civic responsibility
- Consider future business trends
- Identify all customer requirements
- Identify local/state/national requirements
- Identify required outputs needed for internal customers
- Identify uncertainties like negative risks or positive opportunities
- Determine the processes used to flow the business from quote to delivery
- Identify outsources processes
- Establish process goals
Coming in future articles – what auditors are looking for in regard to Leadership and Risk.
Watching the big game? Here are a few takeaways that apply to any business.
- You’re only as strong as your weakest link
Football is a team sport, and so is business. A weak link in the supply chain can be detrimental to a business that fails to assess supply chain risk management.. SimpleQuE’s supply chain audits and corrective actions drive supplier development and can identify risks to your company.
- Sometimes you have to take the punt to score the touchdown
Football is all about taking risks. Going for a field goal is an easy way to score three points, but punting the ball could result in a touchdown for seven points. Just as the coach examines the possible outcomes before making the decision to go for a field goal or a punt, ISO 9001 calls for a manager to use a risk-based thinking cap. Organizations are asked to identify, analyze and prioritize all potential risks as they undergo implementation or upgrading their existing quality management system for certification.
- When the plan fails, change the plan
Things do not always go as planned on the football field. It’s not an ideal situation, but by quickly adapting to the current circumstances, the most effective teams can often salvage a few yards rather than giving up. Similarly, companies often need to come together, improvise and move forward in the face of adversity.
- Always play the long game
Sure, the other team may score a touchdown in the first few minutes of the game. Instead of focusing on what went wrong, the best teams keep a long-term perspective. And in business, try not to get caught up in the day-to-day—rather, focus on long-term quality and excellence.
- Training is important
Far before the game starts, football players have spent days and weeks practicing and training to ensure they’re ready to play. Consider offering plentiful opportunities for training, such as SimpleQuE’s slate of courses covering internal auditing, root cause analysis and problem solving, and more.
- Understand the competition
The best coaches understand that beating the other team is often more about understanding their strengths and weaknesses than it is about playing your best. Businesses can employ the same strategy when it comes to their competition. Understand what advantages other companies have while also learning their key weaknesses is essential to your own success.
- Always watch the highlight reel
In football and in business, it’s essential to learn from your past mistakes as well as to repeat your past successes. Every situation has an upside, and provides opportunities to learn and move forward. As we always emphasize when working with companies on ISO, AS, or IATF implementation, Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.
Executive Vice President and Chief Operations Officer Deanne Sparr welcomed Barb with these words, “We’re thrilled to have Barb as part of the simpleQuE team! Her attention to detail and knowledge of certification requirements is exactly the support we are excited to add to our staff and to provide to our clients.”
What is your name? Barbara Dodson.
What is your position and what do you do for simpleQuE? Operations Manager – I’m responsible for client relations and oversight of the performance of audit activities. I am also a lead auditor for ISO 9001.
How long have you worked for simpleQuE? I joined simpleQuE on Oct 31, 2016.
What do you like most about working for simpleQuE? SimpleQuE doesn’t take a one-size-fits-all approach – we understand that each client is unique and has different needs.
What is your greatest accomplishment – work or personal? My greatest personal accomplishment is raising two wonderful children.
When you are not working, where can people find you? Either spending time with my family or relaxing with a good book.
What is your hometown? Canton, OH.
Client satisfaction is pinnacle to your background. What are your client-focused approaches to simpleQuE? I am quick to follow up on any questions and or concerns, I like to pick up the phone and talk to our clients. In this day and age it’s so easy to send off an email, but I have always found that most clients really like to speak to someone personally.
Explain how simpleQuE is different from their competition. Most of our staff and subcontractors have certification body experience which I believe makes a very big difference.
Where is your favorite getaway? I love the beach and one of my favorite vacation spots is Cancun.
How would other people describe you in three words? Ethical, passionate about things that I believe in and caring.
Digitalization, globalization, competition and the speed of technological advances has changed the nature of business. ISO 9001:2015 has been in effect for a full year and it places a heavy emphasis on using “risk-based thinking” for managing quality-related processes. Risk has always been implicit in ISO 9001. But the latest revision asks organizations to make a cultural shift—rather than focusing on isolated problem solving and resolution, they’ll focus on prevention and performance improvement.
The International Organization for Standardisation (ISO) explains it this way:
“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.
Under the new guidelines, risk management serves as the cornerstone of quality management system design. As organizations determine the processes needed for a quality management system, they’re also asked to determine the associated risks and opportunities and to plan and implement appropriate actions to address them.
In the context of ISO, the concept of “risk” relates to the uncertainty in achieving the main objectives of International Standards—namely, to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Risk is the possibility of events or activities preventing an organization from achieving its strategic and operational goals.
This shift in thinking does not replace the standard’s process-oriented approach, but enhances it. While the process is still a critical part of ISO 9001:2015, processes must now be implemented with an acute awareness of risk.
Organizations are asked to identify, analyze and prioritize all potential risks as they undergo building or adapting their existing quality management implementations for updated certification.
Risks can be defined by two parameters—the severity, or seriousness, of the harm, and the probability that the harm will occur. Risks can be assessed based on the likelihood they will occur, the likelihood they can be detected, and potential impact should they occur. From there, risks are evaluated based on their importance (what is acceptable, what is unacceptable?) and actions are planned to address the risks, whether that’s avoiding or eliminating the risk or mitigating it.
Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.
What’s the best way to document risk-based thinking and demonstrate the approach during audits?. Evaluate how you evaluate risks today with the processes you have. Understand how you decide when risks are acceptable or unacceptable. ISO wants to see that you record identified risks when action is required, and the action steps to be taken.
Putting into place the Plan-Do-Check-Act (PDCA) methodology can be a great way to define, implement and control corrective actions and improvements. Companies should Plan what to do and how to do it, Do what was planned, Check that things happened according to plan, and Act on how to improve the next time around.
Companies have two years to make the transition to ISO 9001:2015, as certifications for the 2008 edition will expire after September 2018.
SimpleQuE was one of the first consulting companies to be ISO 9001:2015 certified and we’re ready to assist organizations with transition or implementation. Please visit our website for more information about our services.
Did you know that National Aerospace Week was established in 2010 as an opportunity for the aerospace and defense industry and its supporters to recognize the enormous contributions that the industry makes to America’s economy, competitiveness and national security? Continue reading “Soaring to New Heights”
More than 1 million organizations and companies worldwide understand the benefits of being ISO 9001 certified. Educational institutions are beginning to recognize the importance of established standards and are seeking certification, as well. As we enter the new school year, a these schools have taken the initiative and will start the year as ISO 9001 certified: Oakwood University, Greater Altoona Career and Technology Center, DRS International School, and Wenatchee School District #246. Continue reading “ISO 9001 Certification Changing the Standards for Higher Education”
In October 2016 IATF 16949:2016 will be published by IATF and it will replace the current ISO/TS 16949, defining the requirements of a quality management system for organizations in the automotive industry. It will be aligned with ISO 9001:2015 and its structure and requirements. IATF 16949:2016 will be implemented as a supplement to, and in conjunction with, ISO 9001:2015. www.iatfglobaloversight.org
IATF has also released a new transition strategy document for automotive suppliers and certification bodies to help with the transition. It includes information about timing and transition audit requirements. After October 1, 2017 no audits (initial, surveillance, recertification or transfer) will be conducted to ISO/TS 16949:2009. IATF Transition Strategy ISO/TS 16949 › IATF 16949
It is also important to note that IATF/IAOB will recognize TS certified companies that have upgraded to ISO 9001:2015 prior to IATF 16949 and allow reduced audit days when the company does eventually upgrade to the new IATF 16949 standard. Companies should coordinate with their registrar to determine the optimal audit approach and cost benefit. (Separate audits may be not be cost effective, but it will depend on each company’s situation.)
SimpleQuE consultants and instructors are ready to assist companies now with implementation, transitioning and training for ISO 9001:2015 and TS 16949:2009. Consulting and training for IATF 16949 will be available after its release in October. Contact simpleQuE
What is your position and what do you do for simpleQuE?
Senior Director and I work with clients to implement and manage their ISO/AS Quality Management Systems and EMS Environmental Management Systems
What do you like most about working for simpleQuE?
simpleQue is an industry leader in providing ISO consulting and training services.
What is your greatest accomplishment – work or personal?
With my wife, we raised three beautiful daughters who are now intelligent, funny, and productive adults.
What is your favorite QMS standard and why?
ISO 9001 because I have worked with it for almost 30 years and understand how it improves a business.
What attracted you to SimpleQuE?
The leadership and their vision.
When you are not working, where can people find you?
Working around my home, exercising, mountain biking, and enjoying time with my wife.
What was your first job?
Ranch hand in Abilene, TX Continue reading “SimpleQuE Spotlight: Blake Russell”