Category Archives: 9001:2015

9001:2015, ISO 9001, Planning

Planning – 9001:2015 Draft of Section 6

Leave a comment

As a work of the U.S. federal government, the image is in the public domain.“Plans are nothing; planning is everything.” – Dwight D. Eisenhower

ISO 9001:2015, according to the latest Committee Draft (CD), has an entirely new layout and some new content. In the past, we’ve looked at section 4, “Context, and then section 5, “Leadership.

Continuing along in the series, here’s a look at the next section – section 6, “Planning“.

There are only three subsections, making the whole piece relatively short:

  1. “Actions to address risks and opportunities”,
  2. “Quality objectives and planning to achieve them”, and
  3. “Planning of changes”

Actions to address risks and opportunities requires that a company consider external and internal issues, referring to context and interested parties (see our preview of section 4), as well as determine the risks and opportunities implied by them.

Context, to save you a click, refers to both Internal and external context. External means issues arising from legal, technological, competitive, cultural, social, economic and natural environment. Internal refers to perceptions, values and culture of the organization.

As a result of these considerations the organization must assure that the intended outcomes of the QMS are achievable (implies that we know what the intended outcomes are, right?). Also, that product conformity (product = goods and services) along with customer satisfaction is maintained. As a result of planning, the company has to prevent, or reduce undesired effects and – improve.

With the above considerations in mind, an action plan is made to address risks and opportunities and this will include how to integrate (the standard actually says “implement”) these actions into the QMS.

Risk DeterminationAnd, after doing that – the effectiveness of this plan must be evaluated.  The standard goes on to say, essentially, that the actions must be proportionate to the effects. A note suggests avoidance, mitigation and acceptance as options for dealing with risk. Bigger risk should equal stronger planning.

You should come to the conclusion that somewhere along the line you’d need some way to measure the effectiveness of the plan, and have some basis on which to measure improvement.

Well, you’d be right, as the standard goes on to require that quality objectives be established at all “relevant” functions.  This text is the same in the current version though in the 2015 the requirement becomes more formalized. Note that if you have a function, level or process without any objectives then you’d have to say that function, level or process isn’t relevant – if that is so, then why have it? (“Will all non-essential personnel please report to the parking lot…”)

The last bit within section six relates to handling changes – and that changes shall be planned. Again, an expansion of a current requirement.

A few examples of possibly applicable changes:

  • New management or management representative,
  • New ownership or partner,
  • Different context (internal or external),
  • New machinery,
  • Alien invasion (good luck!).

New situations must be accounted for, and a plan developed (glasses of water – everywhere).

Section Summary

Let’s try and summarize all that. Is the standard now asking for a document called “Quality Plan”? I vote “nope”, or “mostly nope” – in the case of a change, there will likely be something documented specific to the event. In most other situations, though, “Plan” can be either a noun, or a verb (as has always been the case).

section 6

For some, it will be an actual document, or a set of documents specific to a product or process that includes all of the considerations prescribed (noun). Some of you may know of the concept of “Control Plan” – this would be something like that. Generated for a specific product, or prior to each job, for example. A job router may serve this purpose, if it indeed considers what needs considering.

For others, the system itself; the various procedures, work instructions, machinery etc. – is the result of the exercise in planning (verb). “We planned, taking into consideration risk and opportunities, etc. etc. – and we came up with THIS.” a broad sweep of the arm to indicate the factory space and the documented system that describes and controls it.

There really isn’t a new requirement here – an added level, I hesitate to call it a burden, of record keeping perhaps – something showing the risks and opportunities and metrics measuring how the processes are behaving in light of them.

There will be some initial head scratching, but I think this section will be relatively easy to implement.

Thanks for your attention; go forth – calibrate thyself. Or – come up with a plan first, then calibrate thyself.

Sal

9001:2015, Internal Audit, Quality Tools, Risk Based Auditing

Internal Audit Schedule Part 3 – How To’sday!

Leave a comment

Risk Based Internal Audit Schedule

The past two “Toolsdays” have explored various options for generating an internal audit schedule. This week, I wanted to spend a little dedicated time on what is called a “Risk Based Audit Schedule”. There are versions of this found out in the Interwebs, and frankly – I think most of them are just too complicated for most companies. If you’re a multinational aerospace company or deal with medical device directives then yes, by all means, investigate and ensure you’re doing all you can to mitigate risk by every means necessary.

But for most of us, simply adding the concept of risk to their management system is a huge gain for very little effort. This is especially true for those who are ISO 9001 registered. Starting with the audit schedule; going through the process of determining risk, is a stepping stone to finding opportunities for improvement in every area.

While the concept of Risk has been in place for some of the other ISO standards, notably ISO 13485 for Medical and in the Aerospace standards (AS9100 et al) it is new to ISO 9001 – or will be, when the next version arrives in 2015.

Companies will likely be searching for ways to incorporate risk awareness into their management systems. The Internal Audit Schedule is a common-sense early target.

What is Risk?

Risk-based Internal Auditing is a method that considers the intersection of Likelihood and Consequence to help determine where, and sometimes, how – audit resources are put into play. Resources in terms or time, frequency and auditor expertise.

Risk DeterminationBasically if, in a given process, something catastrophic could result and it is likely to occur then it will be given a higher priority and prime resources over a process where catastrophe is unlikely.

Consider the process of welding support structures compared to stenciling the company logos on them .

The welding operation should receive more detailed, deep and frequent audits versus the logo-application process.

Sometimes, however, there may be a seemingly benign consequence – say a missing manual, but it is quite likely to occur. This should be given added attention (and a good investigation for process capability, as an aside).

Similarly, there may be an unlikely event with tragic consequences. Even though tight process controls and inspection steps nearly ensure detection of a weld error, because the consequence may be dire and tragic, then this too is worthy of heightened attention.

Scoring Risk

Part of the process in creating a Risk Based Audit Schedule is generating a relative score for risk. This can be calculated based on likelihood and consequence.

If you’re familiar with FMEAs then this concept is familiar as well, but it can be simplified for our purposes. If you aren’t familiar with FMEA then – well, another day, my friend – another [Tues]day (okay, I made you a link to the Wikipedia entry – just make sure you come back!).

Basically we need a few pieces of information – or, technically, data:

  1. Function or Process
  2. What could go wrong
  3. A rating (L) from 1-10 of our confidence in the controls in place to identify or prevent the occurrence (10 being no confidence in detection or prevention)
  4. What will happen if that went wrong
  5. A rating (C) from 1-10 of that Consequence (10 being tragic)

This may take some doing and require a knowledgeable cross-functional team, but it is a worthy exercise for creating an audit schedule – and quite useful beyond that.

For each auditable area simply take the L and multiply it by the C to get a number – let’s call it “Ra”.

The Risk Based Schedule

With each process, along with its Ra score identified we can lay down our risk based audit schedule. Should look something like this:

RBA basic sched

The higher the Ra score, the stronger the team and the more frequently it will be audited.

Naturally, yours will be fleshed out more, and you’ll define somewhere the compositions of the audit teams. “A” in this example would be your more experienced day shift auditors, “C” possibly an experience night shift auditor, and “B” is a team with some trainees.

Those are the basics of creating a risk based internal audit schedule, and I hope it’s enough for you to sink your teeth into and run with it. Feel free to message me with questions, or leave a comment below.

Thanks again for listening, and now – please – go forth, and calibrate thyself.

Sal

9001:2015, Improvement, Leadership, Quality Tools

Sunday Summary – 8 Sept., ’13

Leave a comment

Hey – Hope you’re having a great weekend. This week there will be no talk of rice bowls – and I’ll get right to a recap.

Behind the scenes, some updates to the security of the website (no, I am not throwing down the gauntlet!).

Also Investigated ways to make some ad revenue (very hard for me not to click my own links!) Costs money to keep these lights on and at this point maybe three people are reading this so – I know, “math is hard”. If you ever need anything from Amazon, the easiest way for you to help, is to enter Amazon using any link from this site – their search bar at right is handy. I know, advertisements are tedious. Welcome to America!

Oh, and working on getting a few podcasts up! I’m pretty excited about that.

Have yourself a great rest of the weekend, as well as a fine week. Drop me a message if you’d like something covered.

Thanks and go forth and calibrate thyself – tomorrow; take a day off from calibrating.

Sal