Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?
What are 3rd party auditors looking for? This is the second of a three part series by Jim Lee, President of simpleQuE
Clause 5 of ISO 9001:2015 – Leadership
Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.
With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS. Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business. 3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.
- Established and communicated quality policy, objectives, strategic direction, and performance
- Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
- Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
- Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
- Promotion of risk based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc. as a very few of the many possible ways to demonstrate this.
- Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
- Customer satisfaction and perception
- Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
- Evidence of continued improvement , which denotes that performance is monitored and tracked with trends
- The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
- Identify process owners
- Use metrics to monitor performance of the QMS
- Include performance metrics in the Management Review
- Develop action plans when performance goals are not met
- Develop customer communication processes
- Respond to customer complaints
- Consider results of customer feedback/surveys and take appropriate actions
- Identify internal customer requirements
- Make improvement part of the quality policy
- Align roles and responsibilities with processes
- Contingency and emergency roles and responsibilities not defined
- Have appropriate training and awareness of the ISO 9001:2015 requirements
Coming soon – Part 3 and what auditors are looking for in regard to Risk. Also, read more about Context of the Organization in Part 1.
Source: NQA’s Teaming Conference – August 2017