Category Archives: Certification

9001:2015, Annex SL, Auditing, Certification, ISO

Annex SL Esplained

2 Comments

“Annex SL” is an ISO/IEC document that defines a framework for a generic management system. Understanding it is the key to new ISO releases, such as DIS ISO 9001:2015.

It was published by ISO’s Technical Management Board (TMB) in 2012 but since the recent release of DIS ISO 9001:2015 – and it’s strong impact on that standard, a review of the Annex should be helpful to implementors and auditors alike for several years to come.

annex sl page

You may not have heard of the TMB – but maybe you have heard of a TC, or “Technical Committee”. These are groups of experts; representatives of industry, NGOs, governments and other stakeholders within ISO. One well-known TC is TC 176 – that’s the group responsible for ISO 9001 or “Quality management and quality assurance”.

There are (or have been) at least 290 TCs (I know this because they are numbered sequentially and the latest one is TC 290).

You can see a full list HERE.

The TMB sits above the TCs within the “Organization” (ISO). Their charter is this that they

  • “… shall have responsibility for the general management of the technical committee structure…
  • approve the establishment and dissolution of technical committees, and revisions of the directives for the work of technical committees…
  • shall deal with all matters of strategic planning, coordination,
  • and monitoring of technical committee activities

– (Article 9.3 of the ISO statutes).

TMB Map

Annex SL is one attempt by the TMB to help the TCs provide a better product more easily and efficiently.

Annex SL does this by:

  1. reducing duplication efforts – many management system standards have the same basic requirements
  2. by reducing the differing interpretation of the same terms, or consolidating terms
  3. and by delivering the material in a clear and repeatable manner; making it digestible by consumers of multiple standards.

As you could imagine, all of these committees don’t always have knowledge of what the others are doing – inconsistencies occur. Then, once a standard is released, the industry; those who are certified to these standards and the auditors that interpret them – sometimes come to different conclusions.

There are mechanisms within the certification process to minimize confusion and disconnects, but a better way is a top-down approach; one that begins above the standards creation level itself. Annex SL is a large leap toward a more effective process.

What is in Annex SL?

It is a template – a framework. Scaffolding for other standards. It consists of:

  • Eight clauses
  • Core text
  • A baseline of 45 ‘shall’ statements generating 84 requirements (differing standards will have additional requirements)
  • Base terms and core definitions

This common structure will contain, in addition, the special requirements of the target standard (forgive, please, my space-saving abbreviations. Click to embiggen, then hit your browser’s back button):

ASL Main Structure

And there are common core definitions; the following words will have the same interpretations across all Annex SL conformant standards:

  • organization
  • interested party (preferred term)
  • stakeholder (admitted term)
  • requirement
  • management system
  • top management
  • effectiveness
  • policy
  • objective
  • risk
  • competence
  • documented information
  • process
  • performance
  • outsource (verb)
  • monitoring
  • measurement
  • audit
  • conformity
  • nonconformity
  • correction
  • corrective action
  • continual improvement

A given standard may have other words to be defined, naturally.

“SL”? – What Does It Stand For?

I wish it was something cooler, but…

“SL” is simply the sequential number of an Annex within numerous annexes as part of a document titled, ISO / IEC Directives, Part 1 “Consolidated ISO Supplement – Procedures specific to ISO”

The Annex before it is “SK” (though it is currently just a placeholder), and the one after it is “SM”, “Global relevance of ISO technical work and publications”.

Aren’t you glad you asked. You were going to ask, right?

For next time:

How has Annex SL impacted Publications?

 

Thank you again. Go forth – and annex something.

 

Certification, Events, Improvement, Leadership, Quality Tools

Sunday Summary

2 Comments

Here’s a look at the week gone by.

This week’s “Toolsday” brought us a tutorial on how to create a Pareto chart using Excel 2013, which may be helpful to some of you. You’ll find how to create one in other versions of Excel with a little Google-fu, but ours may be the only currently available for the latest version.

That was the extent of the formal posts this week, excepting tweets and Facebook updates. A large part of my week was occupied with a reCertification audit. This is, by the way, what happens after two yearly “surveillance audits” – you may remember we covered the audit cycle in an earlier post.

This company was actually very good – one of the better implementations I’ve seen as a point of fact. Thought I would spend a few moments listing a few bullet points on why this is so.

  • First, it’s a long-time implementation; they started their journey, albeit in a slightly different structural form, in the mid-nineties. That would have been the 1994 version of the standard. So, in a word, Experience.
  • Secondly, they have strong quality system leadership; a competent and vocal Management Representative who enjoys the technical and practical respect of those around him. Call that, summarily, Stewardship. This differs slightly from leadership, which some may call this and they would be still correct, if imprecise – in that a steward also helps operate the machine and knows how it works. It is vitally important that the leadership support the system, and that is truly a component of Stewardship and something at which this particular company also excels.
  • Thirdly, there is little difference between how seriously the formal management system is taken at the different levels of the organization. Soldier and general alike reference and follow the established processes and are actively concerned with improving them. Let’s call this Cultural Integration.

Most companies have some or all of these, and other nice-to-have’s, to varying degrees – but these folks are rock solid, “Best in Show” in each of these three. So, three keys to a successful, world class formal management system implementation: Experience, Stewardship, and Cultural Integration.

Would like also to make mention of another activity from the week, a meeting of the Granite State Quality Council. I’m planning on a dedicated post about the Council, but this event made recognition of two outstanding New Hampshire organizations.

There were presentations on these organizations’ best practices and lessons learned to help audience members improve their own organizations. Part of the night was devoted to recognizing the dedicated Examiners and Judges who participated in the program. It was my first experience with the Granite State Quality Council and I do hope to become more involved.

Looking forward to three audits next week: California, Massachusetts and good ol’ New Hampshire.

And I do hope you have a fulfilling week as well. Get some rest.

Sal

 

 

Audit Preparation, Certification, Registration

Audit Preparation

Leave a comment

So, you’ve got an audit coming up – your registrar is sending out someone you know is out to ruin your whole day. I’d like to help save you.

One important key to success is self confidence. An important key to self confidence is preparation
– Arthur Ashe

First off, some context  – what are you preparing for? In order to be Certified (or Registered), at some point there needs to be troops on the ground to evaluate your company against your standard of choice. Sure, they are friendly troops – probably even likable in their doltish, uncomplicated way; but they aren’t your troops, and you’re really not sure what side they’re on.

Fact is that they probably are on your side, and they don’t want to make your life more complicated – or theirs, but you have to meet them at least half-way. The trick is to start off on the right foot by making their job easier. Why not? And let them know you understand they are only there to make the system stronger.

So we’re all on the same page, let’s review the process of getting and staying Registered (or Certified – let’s pretend it’s the same thing, okay?).

The Certification Cycle

There is a sequence of events to getting Registered. Part of it is a continuous loop. Once you’ve gotten your system mostly installed and have a minimal amount of records from it, typically you will begin the path that includes several stages.

Certification Loop - audit preparation

Stage 1” audit: Also known as a “Readiness Review” this is where you want to show the skeletons in the closet; reveal as much as you can. It is more of a “check off the boxes” type of audit; does the piece exist or not? Registrars vary in the depth of auditing on Stage 1’s and generally more is better. Ideally you’ll want a deeper audit, but time is a factor. If you’re confident in an area, best to encourage the auditor to move on. Don’t forget that this is mostly for your benefit (the auditor is using it to get a feel for the territory and help in his planning process). It is a good idea to have your Registrar describe the depth of their version of a Stage 1. Even within a Registrar there is variation between auditors in just how deep they’ll go on a Stage 1 – letting your program manager know you are concerned with depth will help ensure you get what you want.

There will typically be an action list from this exercise – no non-conformances (there may be several dozen; more is better). Use this to help you determine if you are ready for the next stage. Two months is typical, sometimes it means six; depends on the issues and your resources.

The “Stage 2” or Registration/Certification Audit is the actual game time. You’ll want to limit your answers (and the answers of all employees) to what is being asked. Part of this is because time will be relatively tight, and side-trips are exactly that. There will be interviews, paperwork and records reviewed – an audit. They are as fun as they sound. In all actuality they are often quite pleasant, the key is to remember that everyone is really on the same team, and the goal is improvement. It is not unusual to have a small training session so folks know what to expect and how to act.

Action items become non-conformances in two flavors; minors and majors. Definitions vary, but essentially a minor represents a single or a few occurrences or deviations to an established procedure. Majors would be a large numbers of minors in one area, or a missing key process; such as no or shoddy Internal Audits, lack of an effective Management Review, or evidence of bad product escaping to a customer. Majors may require either a submission of documents, or a physical re-audit of the impacted section of the standard.

You can expect, and should not feel sheepish about, a small number of minors. The only real difference between majors and minors is the amount of time allowed to respond and correct them before Certification will be recommended.

Once Recommendation occurs – this, by the way, is the most an Auditor can grant you, the audit package is submitted. Usually there are two levels of post-audit review; an administrative review, and a technical review. Administrative means checking for the correct forms – were all the right things done. Technical review means a more detailed review by someone who knows about auditing and has knowledge of the applicable standard. It is for checking if the right things were done right.

It is seldom that a recommendation is overturned, but not terribly unusual for there to be small clerical errors in need of repair or clarifications needed.

And then – CONGRATULATIONS! You’ve got yourself a Certificate – probably even a framed one (some Registrars actually provide an engraved plaque…)

Then the “Surveillance Audit” cycle begins. Usually it is in one year’s time, though some Registrars allow, and customers request, that these occur twice per year. This will depend on the culture and resources of the company, and typically a twice-annual process works when higher external supervision or validation is desired.

These audits look always at the core clauses; Internal Audits, Management Reviews, Corrective and Preventive Actions, Improvements – along with some portion of the remainder. After another year, there is another Surveillance. This one, again, looks at those core clauses plus whatever was not looked at in the previous audit. There is often overlap regarding manufacturing.

Completing the loop, after two yearly surveillances have occurred, is a “reCertification” audit. This looks at the full system, though with less depth than the original audit and more focus on improvement capabilities.

I’ll close with a short list of what you should have ready for the auditor to look at on your Surveillance audits.

Surveillance Audit Preparation

This list is made specifically for Surveillance audits, but should work well as a start for Certification audits as well. Have available the following documents and records:

Minimum Documents

  1. Quality Manual (1 printed copy for each auditor).
  2. Procedures, if you have them, for:
    • Management review,
    • internal audits,
    • corrective and preventive action and
    • non-conforming product. Ensure they are easily accessible.
  3. These can be either printed, put onto a USB stick for auditor use, or easily accessible via some on-line interface. Allow the auditor time and space to “drive”.
  4. The above is the minimum they’ll need; if you’ve got a binder with all of the procedures then all the better. Also, a master list of all documents is handy – I know this is not a requirement in many cases (unless your dated system has made it one), but if you have one – this would be a good time to have it there for the auditors.

Minimum Records

  1. Last two Management Reviews; the “minutes and materials” with any action items and progress to them if those are not contained in the record.
  2. Internal audit reports and notes, including the full schedule [<- how to make one].
  3. Recent corrective, preventive and improvement actions. Sometimes this is a database, sometimes it is a log with references to completed forms; have them available or a plan for how the auditor may access them.
  4. If Training is on the agenda, having a list of recent hires is useful (past 6 months should be fine).

vs donutsSome other “nice to haves”

  1. Internet access; wired or wireless.
  2. Bottled water and juice (juice boxes … tempting).
  3. Snacks and the like are completely optional – auditors eat enough junk food on the road. But if you and your crew want an excuse to get bagels or donuts, or bagels and donuts – or muffins, or bagels and donuts and muffins then I’m sure the auditor will be happy to join you. Let’s call coffee and tea (hot water) a given.
  4. A provision for lunch – typically this should be brought-in to save time. A selection of menus is usually good. Please, keep in mind that some of us are vegetarians – and the house salad shouldn’t be the only option. Do you really want a grumpy, hungry auditor?

So there’s a few things you should know as you prepare for an audit. A little background, what to expect, and how you can get off on the right foot with the audit team.

Keep it positive and non-contentious, and you’ll do just fine.

 

Good luck and, I know you will with pride – go forth, and calibrate thyself.

Thank you,

Sal