When you are identifying the provisions for your QMS (Quality Management System) scope, you need to consider what types of products and services you provide, what type of industries you provide to, and where you operate.
Example of a ISO QMS Scope: QARMA Consulting develops, implements, maintains, and improves management systems for commercial, environment, and Aerospace industries nationwide. Management systems include QMS (Quality Management System), EMS (Environmental Management System), and IMS (Integrated Management System).
One of things I find in most audits are process deficiencies with the organization’s QMS (Quality Management System) documents. I usually find obsolete documents in circulation and/or documents that are not controlled. What happens is that the organization sometimes does not realize the difference between the types of documents or the levels or where employees have posted documents.
Let us first discuss levels of documented information:
The Quality Manual describes your processes within your QMS on how the organization meets the requirements of the standard (in this case, ISO9001:2015). Procedures are documented information that outline specific work processes, such as: Sales, Purchasing, and Production. Work Instructions are documented information that give step by step directions on how a task should be done. Forms are documented information used to make a record completing all or part of the process described in your Quality Manual, Procedure, and/or Work Instruction.
We will examine the process of entering a room, for example. A procedure would identify the what the person has to do. It might say I open the door to the room and walk inside. A work instruction would be step by step to enter the room. I get up from my chair. I walk over to the door. I grab the knob. I turn the knob. I push the door forward. I walk into the room. One of the best practice for ensuring obsolete documents are not kept in circulation is to ensure employees do not keep copies at their work stations. If an employee needs access to it then identify its distribution. The best practice is to have a controlled documented register of all your documents to ensure current status and location.
ISO 9001:2015 is meant to be less restrictive, more innovative, and process approach, including risks and opportunities. It helps any organization to be able to achieve a QMS (Quality Management System) by enhancing how they approach processes. You can find better ways to have a QMS and to meet the requirements of the ISO9001:2015 standard.
There are many resources, including here to help you.
Roles (Section 5.3) of the ISO standard is key to your QMS (Quality Management System). If your roles are not identified, then it can have an adverse effect throughout your organization. It can cause confusion among employees and who their immediate supervisor is. My clients often tell me that well there are many roles that an employee may fulfill. That is fine, but they have to be consistent and defined.
If an employee performs the role of a General Manager and Inspector, then these two roles need to be listed in your organization. The best practice is an organization chart that lists all positions and departments. If an employee only performs the role of the General Manager and Inspector, but his or her business card identifies the role of Sales Manager, then this is an issue. If the Sales Manager position is listed on the organization chart, then it is not.
The next step is responsibilities and authorities for each role (organization chart or other means) defined within the organization. What is required of an employee performing the Inspector role? What is required of an employee performing the General Manager role? You must define what are all their responsibilities. Within the responsibilities you have to define what types of authority that role has.
The best practice is the organization chart and job descriptions for each role on the organization. This will also cover the requirements of Section 7.2 of the ISO Standard if filled out correctly.
Posted inUncategorized|Comments Off on Roles, Responsibilities and Authorities
Are you looking for ISO Consultants & ISO Consulting Services?
We are a national consulting group specializing in Quality Management Systems (QMS), Environmental Management Systems (EMS) and Integrated Management Systems (IMS). We observe your system, then assess, modify, and implement quality assurance to unlock your company’s full potential.
The Quality Policy is the foundation for your QMS (Quality Management System) and its processes. It derives from PDCA (Plan, Do, Check, Act), risk-based thinking, and opportunities for improvement. It provides the framework for your QMS quality objectives. It should be concise and easy for the whole organization to understand.
The Quality Policy has to be compatible with the context of the organization. It shall be established (Plan), implemented (Do) and maintained (Check, Act). It shall be maintained as documented information. The documented Quality Policy must have a commitment to satisfy applicable requirements, and must include a commitment to continual improvement of the QMS. The Quality Policy has to be available (including to interested parties), communicated, understood, applied and within the organization. Everyone in the organization must be aware of the Quality Policy.
The word shall in the standard (ISO9001;2015) is a must requirement. Auditors look for the where the documented Quality Policy is available, how it applies with the organization, and what means to the employee. There are several steps in achieving ISO certification. The Quality Policy is one of the requirements that must be fulfilled within the organization.
A lot of clients are currently in-process of transitioning from the ISO9001:2008 to the IS9001:2015 standard. There has been quite a few concerns regarding some of the new requirements with one in particular being interested parties (Section 4.2 of the new 2015 revision standard). I heard a lot of different responses from registrar auditors of what is considered interested parties. One of which is that the cleaning person is an interested party. In that same conversation the cleaning person was, also, an external provider (Section 8.4 of the new 2015 revision standard). That will be another discussion.
Customers, the organization, and external providers (aka suppliers) are interested parties that affect your business. It was that relationship in the previous 2008 revision standard). Annex A.3 of the ISO9001:2015 standard states, “There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system.” (2015-09-15) Customers have requirements that you have to fulfill within your QMS and its processes; and flow-down to external providers. Employees in the organization help fulfill requirements and provide feedback in regards to deficiencies and opportunities for improvements.
You have to, also, identify applicable legal requirements that affect your QMS. This could be REACH, RoHS, ITAR, DFAR, FAR, DPAS, ESD, Conflict Minerals, and etc. You can find more information from the QARMA Group.
Your current system, regardless if you have a formal quality management system or not, is assessed, reviewed and updated to meet the requirements of the quality standard. This includes creating additional documented information needed for the QMS. The documented information needed to demonstrate effective planning is the quality manual, procedures, and forms. This could be in any media. The manual is not required for most quality standards, but it is best practice for defining our system. The organization must address PDCA (Plan-Do-Check-Act) methodology, process approach and risk-based thinking.
The QARMA Group helps the organization gather the information, write and review with the organization. This, also, includes guidelines and examples. Documented information review involves the organization and QARMA Group to review and finalize the draft documents, getting them ready for release (Step 2). The process owners/management and QARMA Group make final changes.
This usually takes 6-8 weeks depending on the size of the organization and how much documented information the organization uses within their system and/or additional documented information the organization requires to achieve planned results.
Step 2: QMS implementation (Do).
The QMS (documented information) is ready for release. There may be some minor changes, but QARMA Group helps the organization release all the documents and prepare the documented information to be released throughout the organization. This includes training and initiating data, such as, but not limited to: QMS Orientation training, Risks, Corrective Actions, Risk Mitigation, Improvement Projects, Management Review, etc.
This can be within 1-3 weeks after Step 1. However, it will take approximate 6-8 weeks before Step 3 because the organization must collect data (after implementation) for the audit to demonstrate if processes achieved plan results.
Step 3: QMS Internal Audit (Check).
QARMA Group assists the organization by completing an internal audit on the organization’s QMS. The organization will receive an internal audit plan (scope of the audit), objective evidence record (evidence of where processes conform, need improvement or did not meet planned results), audit report (summary of the process nonconformity and opportunities for improvement), and auditor credentials.
This takes 2.5 days for QMS internal audit depending on the size of the organization and the scope of the audit. Internal Audits are to check whether the organization is meeting the standard requirements, meeting their requirements, and if the QMS is effectively maintained.
QARMA Group, also, assists the organization with addressing findings from the audit and another management review (Step 4). Step 4 can be with 1-2 weeks from completion of Step 3.
Step 4 Continuous Improvement (Act) and Management Review (Check and Act).
QARMA Group assists the organization with addressing findings from the internal audit with corrective actions (to address process nonconformity), risk mitigation (observations that could lead to a potential risk/problem), and improvement projects (opportunities for improvement). QARMA Group, also, assists the organization with another management review.
The organization is ready for the certification process in Step 5, depending on how much time is needed to implement all the actions (corrective, risk mitigation, improvement project) based on the audit findings.
The actions need to be implemented and closed prior to the Registrar Audit.
Step 5 Registrar Audit.
If you are going for certification for the first time, then there are two stages: Stage 1, and Stage 2. Stage 1 (desk assessment) is where the registrar assesses your QMS and determines if you are ready for Stage 2 (QMS audit). QARMA Group will assist the any issues that need to be corrected from Stage 1. Stage 2 usually takes place 4 weeks or more (depending on the organization) after Stage 1 to give the organization time to address the issues from Stage 1. QARMA Group can facilitate, but cannot interfere with the audit. However, we can help the organization address findings from the Registrar Audit.
If you are doing a transition audit, then there is no Stage 1. However, the organization can request a Gap Assessment by the Registrar if the organization requirements. The same principles apply with the QARMA Group assisting the organization in addressing the findings.
The total days for Stage 1 and Stage 2 is dependent on the scope and size of the company. QARMA Group can help you find the correct registrar that best suits your needs.
When you have received your certification, your organization can celebrate and share the success, improve performance, eliminate deficiencies and increase revenue.
The same principles apply with other systems, such as EMS (Environmental Management System), and IMS (Integrated Management System). There is additional work and time involved in the project.
Please note that our new website will be uploaded soon.
When auditors walk into a room, they are in audit mode. What does that mean? Auditors make good observers. They look at the surroundings, the elements, in the room. It is process approach auditing. Auditors are checking to see if things are out of place or anything that could be a process deficiency or an opportunity for the organization to improve.
In the quality standard, such as ISO9001 or AS9100, there are 10 elements. Operations (Section 8) is where your products and services come together. Operations includes: Operational Planning and Control (Section 8.1); Requirements for Products and Services (Section 8.2); Design and Development of Products and Services (Section 8.3); Control of Externally Provided Processes, Products, and Services (Section 8.4); Production and Service Provision (Section 8.5); Release of Products and Services (Section 8.6); and Control of Nonconforming Outputs (Section 8.7).
…what does this jargon mean?
An Organization’s operations’ terms: Planning the order (Section 8.1); Sales or Order Processing or Order Review or Contract Review (8.2); Design and developing or changes of the organizations products and services (8.3); Purchasing or Procurement (Section 8.4); Manufacturing or Production (Section 8.5); Inspection (Section 8.6); Controlling nonconforming material, product, etc. (Section 8.7).
…better, but what does this mean?
It means that the organization plans out the job based on the customers’ requirements, including any design and development (if you are an organization designing your own products and services); purchasing of materials, subcontractors, outside processing, etc.; manufacturing the job; inspecting the job to ensure planned results were met; and controlling any nonconforming conditions. The organization, through the QMS, is ensuring quality of products and services.
The auditor audits these processes with the supporting quality and leadership elements (Section 4, 5, 6, 7, 9 and 10). Section 7, for example, is Support (your resources), which includes, but not limited to: personnel, infrastructure, work environment, documented information, etc. The auditor will audit to ensure personnel following operation processes, but they must ensure the elements are being followed.
When the auditor walks into manufacturing, the auditor, also, looks at documented information, personnel training records, equipment maintenance, etc. Are the documented information (production work order, traveler, pick list, etc.) per Section 7.5 of the Standard and the organization’s requirements being met in the manufacturing process, for example.
Look at your surroundings when you are auditing. The best auditors just do not look what is presented in front of them, but he looks at the surroundings and ask open ended questions: