Month: April 2012

TS 16949 Calibration Management

Automotive inspection, TS 16949, IATF 16949

Q: Under the standard ISO/TS 16949:2009 Quality management systems – Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations — is it acceptable to allow an instrument user to request a calibration extension under certain circumstances?

Here are just a couple of examples:

The user is in the middle of a test that they don’t want to disrupt until completed.
Equipment is installed on a test vehicle that is at a remote location and is not readily available.

I should note we are an automotive supplier engineering facility doing advanced product development.

A: Here is my usual advice about calibrations:

1. The calibration frequency is both a matter of use and criticality of measures. Instrument companies err on the side of frequent recalibrations.

2. As with most standards based on ISO 9001:2008, the calibration frequency is an internal company decision as the requirement is:

•    Process for calibration management
— Records need to show (7.6.2):
> Equipment identification, including the measurement standard against which the equipment is calibrated
> Revisions following engineering changes
> Any out-of-specification readings as received for calibration/verification
> An assessment of the impact of out-of-specification condition
> Statements of conformance to specification after calibration/verification
>  Notification to the customer if suspect product or material has   been shipped

Therefore, it is the supplier who determines the frequency of the calibration, as well as the standard to which they are using. If the supplier sets a frequency schedule they should follow it unless they get a concession from their customer.

I have done a large calibration study where an engine plant did the statistical analysis, which saved them millions of dollars to set optimal gauging schedules for an engine plant. I recommend that such a study be conducted by this company as soon as possible.

Ron Berglund
Voting member of the U.S. TAG to ISO/TC 176
ASQ Fellow
Canton, MI

For more on this topic, please visit ASQ’s website.

Z1.4:2008, Using Acceptance Quality Limit (AQL)

Pharmaceutical sampling

Q: I have a question about how to use ANSI/ASQ Z1.4-2008 Sampling Procedures and Tables for Inspection by Attributes.

I am looking to achieve a 99.5% production yield.  How do I calculate that using the Acceptance Quality Limit (AQL) in this standard?  Is it as simple as taking (100-AQL) to calculate the expected yield?

A: The ANSI Z1.4-2008 standard is not intended for calculating production yield or expected production yield.  The AQL is the maximum percent non-conforming that can be considered acceptable as a process average.  Typically we set this as the percent defective that would be accepted at a 95% confidence.  If you want to sample such that you have 95% confidence that the average production yield is 99.5%, you can find a sampling plan with an AQL of 0.5%.  Also, please understand that the tables in the standard are not exact value for AQL.  Using the binomial distribution (or hypergeometric for sampling with no replacement) you can calculate the exact probability.

Steven Walfish
Secretary, U.S. TAG to ISO/TC 69
ASQ CQE
Statistician, GE Healthcare
http://statisticaloutsourcingservices.com/

For more on this topic, please visit ASQ’s website.

ISO 9001 SOPs for HR and IT Departments

Mr. Pareto Head and IT

Q: My company wants to become certified to ISO 9001:2008 Quality management systems–Requirements by the end of this year. We have nearly all of our common standard operating procedures (SOPs) identified and written. But some of our departments—HR and IT in particular—are proving to be a little more difficult as far as identifying activities we might need to document.

Could you provide a few examples of procedures that might be available for  an IT and HR department? More specifically, I’m looking for examples of what others may have done with ISO 9001:2008 in conjunction with corresponding SOPs.

A: ISO 9001:2008 specifically requires the organization to have documented procedures for the following six activities:

4.2.3 Control of documents.
4.2.4 Control of records.
8.2.2 Internal audit.
8.3 Control of nonconforming product.
8.5.2 Corrective action.
8.5.3 Preventive action.

From an ISO 9001:2008 perspective, there are no mandatory procedures required for HR or IT departments as supporting functions for an organization. It is recommended, however, that you have your processes documented to ensure accountability for actions, consistency and standardization.

When there are many employees involved in various organizational functions, the hand-offs between the functions and employees can blur, with little to no accountability for the final outcome. In addition, having processes undocumented is not scalable, repeatable and reproducible as the organization grows larger.

The ISO 9001 website guideline further clarifies that the extent of the quality management system’s documentation can differ from one organization to another based on:

The size of organization and type of activities.
The complexity of processes and their interactions.
The competence of personnel.

While this may not be the right forum to share examples of SOPs, I can provide a typical list of ISO 9001:2008 procedures that may be applicable to HR and IT functions.

A better way to develop procedures for the listed processes is to bring the stakeholders and experts together, map the process in its current state, brainstorm, identify and remove nonvalue-added activities, and then reissue a new value-added procedure.

Typical SOPs in HR

  •     HR planning process.
  •     New employee orientation process, including mandatory training and certifications.
  •     Training needs analysis.
  •     Employee training and development process, which also includes training, skill competency assessments, periodic evaluations and certifications.

Typical SOPs in IT

  •     IT resource planning process.
  •     Data archival, retention, backup and disaster recovery process.
  •     IT hardware and software maintenance and information security management process.
  •     Quality information systems, including infrastructure planning, implementation and improvement.

Govind Ramu
Senior manager, quality systems
SunPower Corp.
San Jose, CA

ISO 9001 Clause 7.5.1 Work Instructions

Mr. Pareto Head and standard work

Q: Within my organization there has been much debate on what a work instruction is. The term work instruction is not defined in the ISO 9001-2008 Quality management systems—Requirements standard (appears in clause 7.5.1).

Our question is that if the organization is providing services such as maintenance and repair of the customer’s equipment, and the customer provides maintenance and repair manuals and publications for this equipment to the organization, would this literature satisfy the requirements of ISO 9001:2008 as work instructions? Any assistance provided would be greatly appreciated.

A: You are correct when you state that “work instructions” is not defined in ISO 9001:2008, nor is it in ISO 9000:2005 Quality management systems–Fundamentals and vocabulary.

Terms are not defined by the Technical Advisory Group (the standard developers)  when it is felt that the general accepted usage is clear and unambiguous. Such is the case with this term. A work instruction is simply what the name implies, instructions to do work. Written instructions might not be necessary and so the phrase “as necessary” is in the text of the standard. It depends on your specific situation.

The challenge to comply with the requirements of clause 7.5.1 is not in the definition (or lack of definition) of work instructions. It is planning and carrying out production and service work under controlled conditions.

Are your work processes controlled? This clause identifies six elements that need to be considered. Work instructions are one of the six elements. Do your operators know what to do? Are they trained? Do they need written instructions? In general, you must make this call, not an auditor. If you are challenged by an auditor, you need to be able to defend you position. But there is no hard and fast rule here.

Let me note that telltale signs of lack of control are frequent errors, defects and rejects. This indicates to an auditor that you don’t have a controlled process. You need to tighten things down including addressing those of the six elements that are at the root cause of your process failures. You might need work instructions or improved work instructions based on process performance.

You mention that your organization maintains customer equipment and that the customer provides manuals. These manuals might be adequate. They might not. Let’s say that part of your maintenance is changing the oil on a gasoline engine. The manual, hopefully, states when this needs to occur. It might not. You probably need to establish a maintenance schedule for changing the oil and lubricating the machine, recording when this is done. Do you need a detailed work instruction on how to change the oil? Probably not. However, the machine might be complicated and have many lubrication points, a number of them not at all obvious. In such a case, a simple work instruction might be useful.

The key is to control your process and use whatever is needed to do so.

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)

For more on this topic, visit ASQ’s website.

ISO 9001 Clause 8.2.3 and 8.4

Checklist, Conformity, Go/No Go, Inspection, ISO 9001

Question

Our quality management department, of which I am the lead internal auditor, has a question that we have been debating for some time:

How do we apply ISO 9001:2008 Quality Management systems-Requirements, clause 8.2.3 Monitoring and measurement of processes and 8.4 Analysis of data, in a non manufacturing organization?

Our organization is primarily software, software modification of COTS that is implemented into our products, and applications modified for our business unit’s use.

My specific questions are:

1. How is the effectiveness of process improvements measured?

2. What methods of measurement do we use to capture the effectiveness?

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Thank you for your assistance in this matter. We want to implement a methodology for capturing measurement and effectiveness of process improvement data, but are at a loss as to how and where to start.

Answer

You posed several questions about ISO 9001 compliance.

1. How is the effectiveness of process improvements measured?

In a service environment there are typically many process characteristics that can be monitored or measured to assess whether the process has been planned and is being carried out under controlled conditions. Without knowing details of your service offering, it is difficult to comment explicitly.

Possible examples of metrics that may be appropriate include on time completion of a project, after-release detected “bugs,” time required to maintain “released” software modules, and etc.

Also, such metrics can be graphed and cost can be tied to each metric so that when process improvements are made, the benefits can be presented to management in management review in terms of the financial benefits of aggressive measuring and monitoring initiatives.

2. What methods of measurement do we use to capture the effectiveness?

See #1 above.

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Any check sheet or form would have to be developed by you to suit your processes.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

For more on this topic, please visit ASQ’s website.

ISO 9001 Corrective Action Time Window

Schedule, calendar, timeline

Q: We will be audited by a different firm soon to ISO 9001:2008 Quality management systems–Requirements, and I am noticing differences compared to our former auditors.

At the closing of an annual surveillance audit for a three-year certificate if a non-conformance is issued at the closing meeting, what is the expectation of response for:

1. Minor non-conformances

2. Major non-conformances

How many days are expected for the initial response for each?

How many times during the next 12 months should we expect the auditor to come back to the site to verify corrective action for each?

A: Regarding your question about response times for corrective actions, please note the following.

ISO 9001:2008 clause 8.2, Internal audits, does not specify or prescribe any time limits. ISO 9001:2008, clause 8.2.2, only requires the management for the responsible area (process owner) to take corrective action without undue delay. No time limit is identified.

With regard to audit follow up visits — this is strictly dependent upon the registrar or other auditing body. Some auditing bodies will follow up on closed CARs during their next scheduled surveillance audit. This allows enough time to past to evaluate the effectiveness of the corrective action taken.

In most cases, the auditee is required to complete the CAR identifying the root cause and the corrective actions taken to prevent a reoccurrence.

This information is assessed by the auditing body to confirm that a root cause was identified and that action taken match the root cause. This is normally done in the form of a desk review.

Due to the costs involved and other logistics, rarely will any auditing body want to come out to verify each corrective action taken. This is usually something for the internal audit staff to perform as a part of their audit activities.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

For more information on this topic, please visit ASQ’s website.

ISO Standard Audit and Confidential Information

Reviewing confidential files, training records, human resources files

Q: During an external audit, what records are we allowed to keep confidential – e.g. human resources records? Certain records pertaining to new business leads or accounting matters? Specifically, my question is related to audits to the ISO 9001:2008 Quality management systems–Requirements and ISO 13485:2003: Medical devices — Quality management systems — Requirements for regulatory purposes standards.

 A: The “scope” of any audit is the quality management system (QMS) as found in the ISO standard for quality management. Areas such as finance, marketing plans, sales goals, and other business related topics are not part of a QMS audit.

It should be understood that during the audit, potential areas of conflict between the auditor and auditee might exist. The most common is when the auditor wants to see training records and the auditee claims them to be a confidential part of HR records. The auditor need to be a diplomat here and explain that only the training record is needed and not the entire HR record.

Also, it is not uncommon for the auditee to require the auditor to sign a non-disclosure agreement stating that the auditor(s) will keep everything observed during the audit confidential between the parties.

Again, the scope of the audit, usually agreed to ahead of time, is the QMS — not any business related matters.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor