Celebrating 70 Years of ISO Standards

Did you know that this year is the 70th anniversary of ISO standards? Over the years, standards have helped us become more productive, safer, and more efficient. Take a look below at some of the milestones in the growth of ISO.

[Infographic: 70 years of ISO standards]

Risk Management for Aerospace and Defense Industries


In a business environment, failure and negative consequences are the last things anyone wants to encounter. But the reality is that risk is always present and comes from multiple sources, whether from inside the organization or from external elements. Due to the complexity of aviation, space, and defense processes, products, and services, and the severity of the potential consequences of failures, a formal process to manage operational risks is required.

Risk management is how a company proactively applies quality standards to keep risk, as much as possible, from creating negative ramifications in the supply chain, production, scheduling, and so on. While to some it can seem like bureaucracy or unnecessary controls, risk management pays for itself many times over with the cost avoidance it helps secure. All it takes is one bad event to see why risk management is so important, assuming the company survives that event.

The elements of risk management are clear and straightforward as well. It’s an ongoing, cyclical process of identifying risks, assessing them, proactively reducing their probability of occurring by control, and mitigating those that are allowable. But just following the process alone doesn’t explain why a business should have a risk management process in the first place.

In AS9100 the operational risk management process is supported by specific requirements throughout clause 8, to drive an enhanced focus on:

  • understanding risk impacts on operational processes; and
  • making decisions on operational processes and actions to manage (e.g., prevent, mitigate, control) potential undesired effects.

Within aviation, aerospace, and defense, risk is expressed as a combination of severity and likelihood of having a potential negative impact on processes, products, services, customers, or end users. In AS9100, operational risk management must include how the company defines its risk assessment criteria (e.g., likelihood, consequences, risk acceptance), and ultimately acceptance of risks remaining after implementation of any mitigating actions. Something as simple as the example below may be the simplest way to quantify risks. More detail could be utilized with scoring.

[Table: example of quantifying risks]

The standard requires an aerospace quality management system that takes into account the identification of various risks related to organizational circumstances in regard to its needs, business objectives, product range, applied processes and the size of the organization.  Given the fact that risk can trigger catastrophic results when unmanaged, every aerospace process must have the ability to reduce the occurrences and impacts of unacceptable risks, if not eliminate them entirely. And a risk management process is the only consistent way to assess risks and quantify when they are acceptable risks or when action is required.

Benefits to companies that incorporate risk management through ISO and AS quality standards include:

  • An increased probability of meeting schedules, budgets and production objectives
  • The means of making management proactive instead of reactive to risk issues
  • An increased awareness across the organization to recognize and mitigate risk
  • Reduced warranty and field complaints
  • Reduced supply chain risks
  • An increased ability to successfully plan, manage and implement changes (whether customer, supplier or self-initiated)
  • An increased ability to comply with laws, regulations, and customer requirements
  • An enhanced capability to track financial expenditures to poor results, and
  • Improved relations with stakeholders who see the results of quality and risk management in place

Look Fors – Part 3: Planning for Risk and Change


Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?

What are 3rd party auditors looking for? This is the third of a three-part series by Jim Lee, President of simpleQuE

Clause 6 of ISO 9001:2015 – Planning for Risk and Change
In parts one and two of this series of articles, Context of the Organization and Leadership were covered. Next is the topic of Planning for Risk, which brings risk-based thinking to the forefront. Once the organization has identified the risks and opportunities in Clause 4, it needs to stipulate how to address these.  The planning phase examines who, what, how and when risks must be addressed.  It’s a proactive approach that replaces preventative action and hopefully reduces the need for corrective actions later on.

Particular focus is also placed on the objectives of the management system.  These should be consistent with the quality policy and be measurable, monitored, communicated and updated when needed.  Changes to the QMS should also be planned and consequences understood to assess risk and minimize potential negative impact.

 

Third party auditors may use the following as evidence of risk-based thinking and its integration into the quality management system:

  • Design reviews
  • Competitive analysis, benchmarking, recall analysis, competitive testing
  • Process control plan, internally tighter tolerances and controls than customer specs
  • Management reviews
  • Process and design FMEA (Failure Mode and Effects Analysis)
  • Corrective Actions, and replicating actions across similar products and processes
  • Metrics related to objectives in management review
  • Customer scorecards, dissatisfaction, trends and performance
  • Operational meeting minutes with action items for higher risks
  • Change in leadership or new programs
  • Processes to deal with new technology, new materials, new processes, new products, new suppliers, new packaging, moving production, changing equipment
  • Program plan describing and monitoring change
  • Equipment maintenance plans and programs
  • Calibration frequencies
  • Internal audit frequencies, and the need to audit some areas more than others
  • Contingency plans
  • Strategic or business planning, SWOT (Strength, Weaknesses, Opportunity, Threats) analysis, PEST (Political, Economic, Social and Technological) analysis, etc.
  • Approval for capital, along with the justification and risks to invest now or delay to later
  • Supply chain risk management with supplier performance, financial stability, sole sourcing, geography with lead times and inventory in transit, leverage, long term agreements, etc.

 

Not all of the elements listed above will be needed, but organizations may experience potential issues if:

  • Risks and opportunities are not identified when there is clear evidence of problems or need for action
  • Risk-based thinking is not driven by leadership
  • Actions to address risks and opportunities are not taken or not effective
  • Risk evaluation is not applied throughout the QMS (supplier selection and evaluation, new product or service, short lead time, capacity constraints, etc.)
  • Measurable objectives are not established
  • Objectives are not monitored or changed as the context of the organization changes
  • Action is not taken when objectives are not met, or trends are going the wrong direction
  • The impact of change is not identified or magnitude of change not understood
  • Costs/schedule are not included in defining change

Also, read more about Context of the Organization in Part 1 and Leadership in Part 2.

 

 

Source:  NQA’s Teaming Conference – August 2017

5 Steps To Manage Your Environmental Impact And Boost Growth


Twenty years ago small businesses focused on one thing: how to make profits. Today, environmental impact is turning out to be just as important as meeting the bottom line. Here’s how to manage it for growth:

  • Incorporate planning – the very first place to start with addressing environmental impact and risks is to include them in strategic planning at every level. Because ISO 14001 is the cornerstone of environmental standards for a business, planning is essential. If the matter isn’t addressed to begin with from the top down, one of two things occurs: 1) no one internally treats the matter as a priority, or 2) responses that do occur end up being ad hoc and disparate, which often incurs more costs than expected.
  • Anticipate that not everyone will be happy at first – getting environmentally focused is still a politically-charged approach. Education is probably the best response, even though it may require a bit more effort. At the end of the day, however, socially-conscious businesses sometimes have to stake out a claim. Choose wisely and then stay the course.
  • Embrace leadership – businesses that really break out and become the major players using ISO 14001 as their environmental management system are not necessarily the biggest in their industry. Smart businesses are out ahead looking for these leadership opportunities to craft their own path and market niche before anyone else.
  • Use size to an advantage – Being a small business comes with a lot of advantages in terms of flexibility and speed for adjusting to changes. Rather than a big bureaucracy involved in shutting down an assembly line, a small business can test the waters far more rapidly and frequently with new ideas in environmental impact, and that’s a huge competitive advantage when used effectively.
  • Don’t throw out the baby with the bath water – Every new change should have a thorough cost-benefit analysis. There are plenty of existing quality management procedures that align with ISO 14001, including ISO 9001 and IATF 16949.

SimpleQuE offers customized consulting solutions for all sizes of Aerospace, Automotive, Laboratory, Manufacturing and Service organizations. When it comes to environmental impact and responsibility, ISO 14001 certification makes good business sense for businesses small and large, across all industries.

ISO 9001 Myths and Their Reality

ISO 9001 is the world’s most used management system standard. Having existed for almost 30 years, it tends to fall into the gap where many people have heard about it, but not many fully understand what the standard involves. As a result, there are common myths about ISO 9001 that simpleQuE can help to clarify.

Is it complicated and difficult to implement?
In most cases, no. SimpleQuE was one of the first consulting companies in the world to become ISO 9001:2015 certified, so we know what it takes to transition to the new standard. It is possible to simplify ISO implementation, transition, training and maintenance, by integrating simple solutions that fit into your company’s culture.  This can be done with a gap audit checklist to identify where you’re already in compliance and more effectively target only those areas that need work.

Isn’t ISO 9001 an outdated model?
While it is true that ISO 9001 has been around since 1987, it has evolved through several revisions to match the changing needs of business. Today there is instant access to information, higher expectations from customers, more complex supply chains and a globally competitive economy.  ISO 9001:2015 takes all of these factors into account.

Isn’t ISO 9001 a standard that only benefits big corporations?
This is not the case. ISO 9001 is intended to be a set of requirements that can be used by any company, of any size, in any industry. The requirements are written as a set of best practices needed to control all the processes of a business system – no matter what the company does. The standard is designed to be flexible; the focus is on improving quality and customer satisfaction, from which every organization can benefit, including:

  • More efficient use of resources and improved financial performance,
  • Improved risk management and protection of people and the environment, and
  • Increased capability to deliver consistent and improved services and products, thereby increasing value to customers and all other stakeholders.

Will everything have to be monitored and measured?
Processes do have to be monitored and measured to ensure that they are performing as designed; however, the standard allows a company to consider the impact that a process has on product/service conformity and the effectiveness of the Quality Management System (QMS) when determining what to monitor or measure and the method to be adopted. A good QMS will help with monitoring performance and driving improvement.

Is ISO 9001 the sole responsibility of the quality manager or department?
This couldn’t be farther from the truth, since the requirements cover every aspect of the business – from planning through delivery and post-delivery of your product or service.

Doesn’t ISO 9001 cost a lot to implement?
The question of cost will depend on the size and complexity of the organization and the competency of the personnel. Basic implementation pricing should be competitive and reasonable, depending on whether the work is done internally or through an external consulting service. The overall outcome of these activities should be to reduce costs through improvements and increase revenues through satisfied customers. Your return on investment should be well above the costs. Note that ISO certification is a separate additional cost.

SimpleQuE can customize consulting for your organization and provide simple solutions while clearing up any misconceptions about ISO 9001 and how it can benefit your organization. Contact us today to find out more information and how simpleQuE can help!

Look Fors – Part 2: Leadership


Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015? 

What are 3rd party auditors looking for?  This is the second of a three part series by Jim Lee, President of simpleQuE

Clause 5 of ISO 9001:2015 – Leadership

Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that top management demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, ensure the management system achieves its intended outcomes, and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.

With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS.  Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business.  3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.

  • Established and communicated quality policy, objectives, strategic direction, and performance
  • Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
  • Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
  • Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
  • Promotion of risk-based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc., as a very few of the many possible ways to demonstrate this.
  • Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
  • Customer satisfaction and perception
  • Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
  • Evidence of continued improvement, which denotes that performance is monitored and tracked with trends
  • The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.

Not all of the elements listed above will be needed, but organizations may risk failure if they do not:

  • Identify process owners
  • Use metrics to monitor performance of the QMS
  • Include performance metrics in the Management Review
  • Develop action plans when performance goals are not met
  • Develop customer communication processes
  • Respond to customer complaints
  • Consider results of customer feedback/surveys and take appropriate actions
  • Identify internal customer requirements
  • Make improvement part of the quality policy
  • Align roles and responsibilities with processes
  • Define contingency and emergency roles and responsibilities
  • Have appropriate training and awareness of the ISO 9001:2015 requirements

Coming soon – Part 3 and what auditors are looking for in regard to Risk.  Also, read more about Context of the Organization in Part 1.

Source:  NQA’s Teaming Conference – August 2017

SimpleQuE’s IATF 16949 Gap Audit Checklist is Now Available!

The automotive quality standard has come a long way since its inception in 1994. With the new standard and more than 200 changes, simpleQuE recognized the need for an IATF Gap Audit Checklist to assist companies with the transition. The checklist includes the new automotive requirements (IATF 16949:2016 and ISO 9001:2015) and is intended to be used as a tool to identify both compliance with the new requirements and the differences between IATF 16949:2009 and the new requirements.

The utilization of this checklist, when populated with objective evidence of compliance and non-compliance, will satisfactorily demonstrate you have audited the differences between IATF 16949 standard and the new requirements.  It should be used with your certification body as evidence of internal audits to the new IATF 16949 and ISO 9001:2015 requirements.  It’s one of the methods simpleQuE auditors and consultants use with our own clients.

A free half hour of phone or email consulting with a simpleQuE expert is included with the checklist for the purchase price of $300.

The simpleQuE team wishes you a smooth and simple transition!

Look Fors – Part 1: Context of the Organization

What are 3rd party auditors looking for? This is the first of a three-part series by Jim Lee, President of simpleQuE

Clause 4 of Annex SL – Context of the Organization

This is the cornerstone of a management system and the business’ strategic direction.  An organization needs to identify internal and external issues that can impact its intended outcomes, as well as all interested parties and their requirements.  It needs to document its scope and set the boundaries of the management system to line up with business objectives.

The context doesn’t have to be documented, so 3rd party auditors (as well as internal auditors) will be asking questions of various management members, and looking for these as objective evidence that an organization understands its context and considers all the factors and stakeholders affecting the business.  The items listed below don’t have to exist, but if they do, you want to take credit for them in understanding the context.  Some items may not by themselves demonstrate an understanding of the context, but combined with multiple examples, can provide the evidence an auditor is looking for.

  • Business plan
  • Strategic plan
  • SWOT analysis (Strengths Weaknesses Opportunities Threats)
  • Vision and mission statement
  • Process mapping
  • External parties identified
  • Lessons learned
  • Surveys
  • Internal meeting minutes to determine company goal setting
  • Metrics to measure effectiveness of QMS
  • Process turtle diagrams
  • Process flow plans
  • Quality manual

Not all of the elements listed above will be needed, but organizations may risk failure if they do not:

  • Identify or understand their primary competitors
  • Mention civic responsibility
  • Consider future business trends
  • Identify all customer requirements
  • Identify local/state/national requirements
  • Identify required outputs needed for internal customers
  • Identify uncertainties like negative risks or positive opportunities
  • Determine the processes used to flow the business from quote to delivery
  • Identify outsourced processes
  • Establish process goals

 

Coming in future articles – what auditors are looking for in regard to Leadership and Risk.

 

7 Lessons Businesses Can Learn From Watching Football


Watching the big game? Here are a few takeaways that apply to any business.

 

  1. You’re only as strong as your weakest link
    Football is a team sport, and so is business. A weak link in the supply chain can be detrimental to a business that fails to assess supply chain risk management. SimpleQuE’s supply chain audits and corrective actions drive supplier development and can identify risks to your company.
  2. Sometimes you have to take the punt to score the touchdown
    Football is all about taking risks. Going for a field goal is an easy way to score three points, but punting the ball could result in a touchdown for seven points. Just as the coach examines the possible outcomes before making the decision to go for a field goal or a punt, ISO 9001 calls for a manager to use a risk-based thinking cap. Organizations are asked to identify, analyze and prioritize all potential risks as they implement or upgrade their existing quality management system for certification.
  3. When the plan fails, change the plan
    Things do not always go as planned on the football field. It’s not an ideal situation, but by quickly adapting to the current circumstances, the most effective teams can often salvage a few yards rather than giving up. Similarly, companies often need to come together, improvise and move forward in the face of adversity.
  4. Always play the long game
    Sure, the other team may score a touchdown in the first few minutes of the game. Instead of focusing on what went wrong, the best teams keep a long-term perspective. And in business, try not to get caught up in the day-to-day; rather, focus on long-term quality and excellence.
  5. Training is important
    Long before the game starts, football players have spent days and weeks practicing and training to ensure they’re ready to play. Consider offering plentiful opportunities for training, such as SimpleQuE’s slate of courses covering internal auditing, root cause analysis and problem solving, and more.
  6. Understand the competition
    The best coaches understand that beating the other team is often more about understanding their strengths and weaknesses than it is about playing your best. Businesses can employ the same strategy when it comes to their competition. Understanding what advantages other companies have while also learning their key weaknesses is essential to your own success.
  7. Always watch the highlight reel
    In football and in business, it’s essential to learn from your past mistakes as well as to repeat your past successes. Every situation has an upside, and provides opportunities to learn and move forward. As we always emphasize when working with companies on ISO, AS, or IATF implementation, once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.