AS91XX: 2016 Certification Body Auditor Non-Conformances

SimpleQuE President, Jim Lee, recently attended the joint meetings of the SAE G-14 including Americas Aerospace Quality Standards Committee (AAQSC) and Americas Aerospace Quality Group (AAQG) in New Orleans.  The summit provides access to the committees that create the aerospace standards and guidelines with the high level players in the industry including Space and Defense.

Of interest to many companies are Certification Body audits and the areas where most non-conformances are written.  The Traditional NC chart on the left shows the typical audit non-conformances certification body auditors are finding with the AS9100, AS9110 and AS9120 audits to the new standards. These are the top 10 major and minor findings by clause.  The right side displays the high risk and concern areas that NASA, DCMA, FAA, and the Original Equipment Manufacturers (e.g. Boeing, GE, Rolls Royce, Northrop, Raytheon) see as supplier problem areas.

The Risk Area chart shows that the certification body auditors are writing fewer findings against these problem areas affecting the major customers.  However, all of these concern areas have new requirements in the new AS standards.  Jim Lee advises, “It should be noted that certification bodies are training their AS auditors to focus on these industry identified risk areas.  It is not yet clear whether the AS suppliers were well prepared for these new requirements, or the certification body auditors were not auditing as deeply or effectively against these new requirements.  Be prepared for greater focus and scrutiny on future AS audits in these areas.”

What is ISO 9001 Certification and Why is it so Important?

The ISO 9001 standard exists to provide organizations with the opportunity to develop baseline quality management systems, improve processes and meet the needs of customers. Achieving ISO 9001 certification is an important step for manufacturers and service providers, as it emphasizes performance while proving a dedication to quality and customers.

As ISO 9001 certification has been adopted across a wide range of industries, the standards have been altered to fit specific industry requirements. From the automotive and aerospace industries to telecommunications companies, laboratory settings, medical device manufacturers and more, each industry has adopted its own set of standards that all derive from the basic principles of the ISO 9000 series.

What are the Benefits of ISO 9001 Certification?
There are a variety of advantages to having ISO 9001 certification. It creates a more efficient, effective operation for a company, if implemented properly, and also improves employee awareness and motivation, and increases customer satisfaction. Here are some additional reasons to get ISO 9001 certified:

  • Client Requirements – More and more customers are demanding that their vendors be certified. If your business doesn’t meet these criteria you could be losing out on sales.
  • Increased Revenue – Studies show that ISO 9001 certified organizations are paid 7% more on average, have better sales growth and an improved ROA. (source: iso.org)
  • Reduce Waste – By establishing the rigor of an ISO 9001 Quality Management System, you can reduce inefficiency and make the most of your business’ time and resources.
  • Brand Image – Maintaining quality in your organization minimizes the chance of a slip-up or error that could hurt your reputation.
  • Manage Risk – ISO 9001:2015 is all about managing risk. By adopting these standards you will learn how to best identify and mitigate threats to your business model.

Most importantly, as your company grows, becoming certified is vital to fostering continued success in the future.

SimpleQuE – ISO 9001 Certification Experts

SimpleQuE (an ISO 9001 certified company) assists organizations with implementation, improvement or transition of the standards by providing customized ISO 9000 consulting, training and internal auditing services and solutions. Contact us for more information or to hire an ISO 9001 consultant.

ISO Certification is Key to Entrepreneurial Success

The number of ISO registered companies in the United States continues to grow at a rapid rate. At the same time, there is a growing trend toward forming sustainable relationships with quality-focused and environmentally conscious businesses. However, there is still a misunderstanding that ISO standards are only applicable to and beneficial for large corporations and manufacturers.

Is ISO certification a good investment for entrepreneurs?

While it is a common misconception that ISO certifications are only for big businesses, this is simply not true. The standards set forth by ISO are generic by design so that they may be applied to businesses of any size, type, or product line. Having an ISO certification provides the solid foundation entrepreneurs need to build a successful business.

Benefits of ISO Certification

ISO standards take a holistic approach to improving business functionality and growth through consistency, and are just as much about improving processes as they are about improving products and services. Consider the following benefits to your business:

Reduced Risk

Entrepreneurial companies are at a greater risk than established organizations – and have a more compelling need to identify and manage risk. If a young company doesn’t have policies, processes and procedures that are standardized, it risks wasting resources. And smaller companies are often not in a position to absorb that loss.

Improved Productivity

In order to adhere to standards, entrepreneurs are required to establish processes that are clearly defined, documented and monitored. Objectives are also established and progress is measured, so you can see how your business grows.

Increased Revenue

According to a 2015 analysis of 92 studies, three out of five businesses saw an improvement to their bottom line as a result of ISO standards. This revenue increase was slightly higher than that of non-certified businesses and was primarily due to improved operations.

Growth Opportunities

Standards open the door to new markets. Certain opportunities, such as government contracts for example, are only available to ISO certified businesses. In addition, many ISO standards are recognized internationally, which increases your credibility in international markets.

 

ISO certification provides your current and potential business relationships the assurance that you have the relevant processes in place to deliver what is required, giving your business the competitive edge. No business is too small to be ISO certified. If you are an entrepreneur and ready to take the next step in improving your business and quality management system, contact simpleQuE to find out how to get started.

What You Need To Know About ISO 45001

Worldwide, over 6300 people die each day from work-related accidents or diseases – nearly 2.3 million every year.  ISO is developing a new standard, ISO 45001, Occupational health and safety management systems – Requirements, to provide a framework to improve employee safety, reduce workplace risks and create better, safer working conditions, all over the world. ISO 45001 is targeted to be published in the first quarter of 2018 and will replace OHSAS 18001. Current users of OHSAS 18001 will need to update their systems according to the requirements of the new international health and safety standard within a three-year transition period that will commence after ISO 45001 is published.

 

Risk Management for Aerospace and Defense Industries

In a business environment failure and negative consequences are the last things anyone wants to encounter.  But the reality is that risk is always present and comes from multiple sources, whether from inside the organization or from external elements. Due to the complexity of aviation, space, and defense processes, products, and services, and the severity of the potential consequences of failures, a formal process to manage operational risks is required.

Risk management is how a company proactively applies quality standards to keep risk, as far as possible, from creating negative ramifications in the supply chain, production, scheduling and elsewhere. While to some it can seem like bureaucracy or unnecessary controls, risk management pays for itself many times over with the cost avoidance it helps secure. All it takes is one bad event to see why risk management is so important, assuming the company survives that event.

The elements of risk management are clear and straightforward as well. It’s an ongoing, cyclical process of identifying risks, assessing them, proactively reducing their probability of occurring by control, and mitigating those that are allowable. But just following the process alone doesn’t explain why a business should have a risk management process in the first place.

In AS9100 the operational risk management process is supported by specific requirements throughout clause 8, to drive an enhanced focus on:

  • understanding risk impacts on operational processes; and
  • making decisions on operational processes and actions to manage (e.g., prevent, mitigate, control) potential undesired effects.

Within aviation, aerospace, and defense, risk is expressed as a combination of severity and likelihood of having a potential negative impact to processes, products, services, customer, or end users. In AS9100, operational risk management must include how the company defines its risk assessment criteria (e.g., likelihood, consequences, risk acceptance), and ultimately acceptance of risks remaining after implementation of any mitigating actions. Something as simple as the example below may be the easiest way to quantify risks. More detail could be added with scoring.

table

The standard requires an aerospace quality management system that takes into account the identification of various risks related to organizational circumstances in regard to its needs, business objectives, product range, applied processes and the size of the organization.  Given the fact that risk can trigger catastrophic results when unmanaged, every aerospace process must have the ability to reduce the occurrences and impacts of unacceptable risks, if not eliminate them entirely. And a risk management process is the only consistent way to assess risks and quantify when they are acceptable risks or when action is required.

Benefits to companies that incorporate risk management through ISO and AS quality standards include:

  • An increased probability of meeting schedules, budgets and production objectives
  • The means of making management proactive instead of reactive to risk issues
  • An increased awareness across the organization to recognize and mitigate risk
  • Reduced warranty and field complaints
  • Reduced supply chain risks
  • An increased ability to successfully plan, manage and implement changes (whether customer, supplier or self-initiated)
  • An increased ability to comply with laws, regulations, and customer requirements
  • An enhanced capability to track financial expenditures to poor results, and
  • Improved relations with stakeholders who see the results of quality and risk management in place

Look Fors – Part 3: Planning for Risk and Change

Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?

What are 3rd party auditors looking for?  This is the third of a three-part series by Jim Lee, President of simpleQuE.

Clause 6 of ISO 9001:2015 – Planning for Risk and Change
In parts one and two of this series of articles, Context of the Organization and Leadership were covered. Next is the topic of Planning for Risk, which brings risk-based thinking to the forefront. Once the organization has identified the risks and opportunities in Clause 4, it needs to stipulate how to address these.  The planning phase examines who, what, how and when risks must be addressed.  It’s a proactive approach that replaces preventative action and hopefully reduces the need for corrective actions later on.

Particular focus is also placed on the objectives of the management system.  These should be consistent with the quality policy and be measurable, monitored, communicated and updated when needed.  Changes to the QMS should also be planned and consequences understood to assess risk and minimize potential negative impact.

 

Third party auditors may use the following for evidence of risk based thinking and integration into the quality management system:

  • Design reviews
  • Competitive analysis, benchmarking, recall analysis, competitive testing
  • Process control plan, internally tighter tolerances and controls than customer specs
  • Management reviews
  • Process and design FMEA (Failure Mode and Effects Analysis)
  • Corrective Actions, and replicating actions across similar products and processes
  • Metrics related to objectives in management review
  • Customer scorecards, dissatisfaction, trends and performance
  • Operational meeting minutes with action items for higher risks
  • Change in leadership or new programs
  • Processes to deal with new technology, new materials, new processes, new products, new suppliers, new packaging, moving production, changing equipment
  • Program plan describing and monitoring change
  • Equipment maintenance plans and programs
  • Calibration frequencies
  • Internal audit frequencies, and the need to audit some areas more than others
  • Contingency plans
  • Strategic or business planning, SWOT (Strength, Weaknesses, Opportunity, Threats) analysis, PEST (Political, Economic, Social and Technological) analysis, etc.
  • Approval for capital, along with the justification and risks to invest now or delay to later
  • Supply chain risk management with supplier performance, financial stability, sole sourcing, geography with lead times and inventory in transit, leverage, long term agreements, etc.

 

Not all of the elements listed above will be needed, but organizations may experience potential issues if:

  • Risks and opportunities are not identified when there is clear evidence of problems or need for action
  • Risk-based thinking is not driven by leadership
  • Actions to address risks and opportunities are not taken or not effective
  • Risk evaluation is not applied throughout the QMS (supplier selection and evaluation, new product or service, short lead time, capacity constraints, etc.)
  • Measurable objectives are not established
  • Objectives are not monitored or changed as the context of the organization changes
  • Action is not taken when objectives are not met, or trends are going in the wrong direction
  • The impact of change is not identified or magnitude of change not understood
  • Costs/schedule are not included in defining change

Also, read more about Context of the Organization in Part 1 and Leadership in Part 2.

 

 

Source:  NQA’s Teaming Conference – August 2017

Risky Business vs Risk-Intelligent Business

Digitalization, globalization, competition and the speed of technological advances have changed the nature of business.  ISO 9001:2015 has been in effect for a full year and it places a heavy emphasis on using “risk-based thinking” for managing quality-related processes. Risk has always been implicit in ISO 9001.  But the latest revision asks organizations to make a cultural shift: rather than focusing on isolated problem solving and resolution, they’ll focus on prevention and performance improvement.

The International Organization for Standardization (ISO) explains it this way:

“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.

Under the new guidelines, risk management serves as the cornerstone of quality management system design. As organizations determine the processes needed for a quality management system, they’re also asked to determine the associated risks and opportunities and to plan and implement appropriate actions to address them.

In the context of ISO, the concept of “risk” relates to the uncertainty in achieving the main objectives of International Standards—namely, to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Risk is the possibility of events or activities preventing an organization from achieving its strategic and operational goals.

This shift in thinking does not replace the standard’s process-oriented approach, but enhances it. While the process is still a critical part of ISO 9001:2015, processes must now be implemented with an acute awareness of risk.

Organizations are asked to identify, analyze and prioritize all potential risks as they build or adapt their quality management implementations for updated certification.

Risks can be defined by two parameters—the severity, or seriousness, of the harm, and the probability that the harm will occur. Risks can be assessed based on the likelihood they will occur, the likelihood they can be detected, and potential impact should they occur. From there, risks are evaluated based on their importance (what is acceptable, what is unacceptable?) and actions are planned to address the risks, whether that’s avoiding or eliminating the risk or mitigating it.

Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.

What’s the best way to document risk-based thinking and demonstrate the approach during audits? Evaluate how you assess risks today with the processes you have. Understand how you decide when risks are acceptable or unacceptable.  ISO wants to see that you record identified risks when action is required, and the action steps to be taken.

Putting into place the Plan-Do-Check-Act (PDCA) methodology can be a great way to define, implement and control corrective actions and improvements. Companies should Plan what to do and how to do it, Do what was planned, Check that things happened according to plan, and Act on how to improve the next time around.

Companies have two years to make the transition to ISO 9001:2015, as certifications for the 2008 edition will expire after September 2018.

SimpleQuE was one of the first consulting companies to be ISO 9001:2015 certified and we’re ready to assist organizations with transition or implementation.  Please visit our website for more information about our services.

Preparing for Change and Risk

Shirley Kennedy, simpleQuE Project Manager. Learn more about Shirley here.

The simpleQuE team is preparing for the ISO changes and recently attended NQA’s overview of the draft changes to ISO 9001:2015 and ISO 14001:2015.

The major revisions of both standards are due by September and will incorporate this high level structure divided into 10 sections: