ISO 9001 Second-Party Audits and Confidential Information

Reviewing confidential files, training records, human resources files

Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential.

Where is the limit for confidentiality and how should I deal with it? Actually, it seems like the contractor is using it as a trick.

A: What is not clear from your question is the contractual arrangements you have with your suppliers. If the contract has a confidentiality clause and calls for second-party audits, there is no excuse for withholding information. ISO 9001:2008 — Quality management systems – Requirements does not address confidentiality. That is best addressed in the specific arrangements between supplier and customer.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

For more on this topic, please visit ASQ’s website.

Scope of ISO 19011:2011

ISO documentation practices, requirements

Q: During a quick review of a recently revised standard, ISO 19011:2011 – Guidelines for auditing management systems, we noticed that it is shorter than ANSI/ISO/ASQ 19011S:2008.

Also, we are wondering why there are no references to auditing the requirements in ANSI/ISO/ASQ Q9001-2008 Quality management systems.

Could someone please address our concerns?

A: With the expansion in scope of ISO 19011:2011 to cover all management system audits, the intent of the ISO 19011 standard is to provide guidance that is applicable to every management system discipline – not just quality management system audits.

One of the problems with the more general scope of ISO 19011:2011 is that it is less helpful for addressing specific issues – such as internal audits of an organization’s quality monitoring and measuring processes. This is why the ASC Z1-auditing subcommittee has initiated the process of developing supplemental guidance documents for internal audits and supply chain audits. If there are specific issues or questions that you are interested in, you can ask that it be included in this supplemental guidance document (email standards@asq.org).

As to the difference in length –  with the U.S. adoption of ISO 19011:2011, the 2008 U.S. Supplement was made obsolete. What the Z1-auditing subcommittee is planning to do is to capture whatever guidance in that document is still important in the new supplemental guidance documents being drafted.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
http://www.enlar.com/
Largo, FL

ISO 9001:2008 and Reasons to Obtain Third-Party Certification

Q: I have a question regarding an excerpt about ISO 9001:2008 — Quality management systems – Requirements, from the ISO webpage, which is below:

“…Although certification is not a requirement of the standard, the quality management systems of about one million organizations have been audited and certified by independent certification bodies (also known in some countries as registration bodies)…”

Our ISO 9001 quality management system (QMS) has been registered through third-party audits since 1994. But according to this statement, we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third-party certification.

Is this the case? If not, isn’t the statement on the website misleading, inasmuch as certification is an implicit requirement of the standard?

A: I am a U.S. Technical Expert for ISO 9001 and associated QMS standards, have been involved with QMS standards since 1975 and am a published Quality Press author.

You are correct when you state, “we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third party certification.” Many organizations use ISO 9001 as the basis for their quality management system without engaging in third-party audits. If you want to claim certification, I guess you could claim that you are “self-certified,” but I am not sure this would mean anything to anybody.

There are a variety of reasons for incurring the cost associated with obtaining an ISO 9001 certification:

  • Internal use: Many do this based on a perception of market advantage and use the certificates in advertisements promoting their goods and services. Some organizations use third-party audits and certification to verify for their own management the adequacy of their quality management system.
  • Supplier qualification: The historical use for a quality management system standard is as a basis for qualifying the quality management system of suppliers. Development of quality management system standards dates to the 1950s. One of the early standards of this type was MIL-Q-9858A used by the Department of Defense for use in qualifying some of their suppliers. Today, ISO 9001 is widely used as a qualification requirement for suppliers in many different product and service sectors. The automotive, aerospace, telecommunications and other industries have sector specific versions of ISO 9001 that are used with suppliers. These all require third-party certification.
  • Regulatory requirement: The European Union, FDA, Japan, Australia, Canada and many other countries use ISO 9001 as the quality management system for meeting certain regulatory requirements. Some regulatory bodies require third-party certification, others conduct their own audits (second-party audits) to verify compliance.

Bottom line: you should determine for yourself if you have a need for certification to ISO 9001 and act accordingly.

Joseph Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 Quality Management and Corresponding General Aspects for Medical Devices (AAMI)

Applicability of TS 16949 to Non-Manufacturing Organizations

Automotive inspection, TS 16949, IATF 16949

Q: My company is certified to ISO 9001:2008 Quality management systems – Requirements. We provide integrated circuit chip design and outsource the manufacturing of the IC chips to our approved subcontractors. Recently, we won a contract to design and supply chips to one of our customers who, in turn, supplies to the automotive industry (the first automotive customer for my company).

One of the key deliverables of this project is to get ourselves certified to TS16949:2009 Quality management systems — Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations in the next 6 to 9 months.

We would like to know:

1. Is TS 16949 applicable to a company, like mine, that does no manufacturing?

2. In general, what does it take to be at least compliant to the TS16949 requirements?

3. Since TS 16949 is based on ISO 9001 with additional requirements, does that mean that once a company is certified to TS16949 it is not necessary to recertify to ISO 9001?

A: Thank you for your questions.

The answer to your first question is that a company like yours is not eligible to become registered to TS 16949 because it is not a manufacturer. Clause 1.1 General of TS 16949 states this very clearly:

“This Technical Specification is applicable to sites of the organization where customer-specified parts, for production and/or service, are manufactured.”

Furthermore, clause 3.1.11 from Terms and Definitions defines a “site” as:

“Location at which value-added manufacturing processes occur.”

Your second question is about how to attain TS16949 compliance. Simply, you would need to purchase a copy of TS16949 and ensure that your ISO 9001 quality management system meets all of the TS16949 requirements. The biggest differences between ISO 9001 and TS16949 are the requirements associated with advanced product quality planning (APQP) and production part approval process (PPAP).

The answer to your third question is yes, registration to TS 16949 includes full compliance with all the requirements in ISO 9001.  A separate registration is not necessary.

If you have further questions, please don’t hesitate to ask.

Denis J. Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
London Ontario
www.DevosAssociates.com

Restructuring an Internal Auditing Program

Reporting, best practices, non-compliance reporting

Q: For the last 15 years, my company has employed a small cadre of full-time, dedicated safety management system auditors.

A current proposal in our company is to recast those auditors as HES Superintendents under the supervision of an operations or safety manager who has significant management responsibility within the safety management system. This change will give HES Superintendents (persons performing audits) additional, non-audit tasks for performance on the premises of the auditee immediately before, during or after the audits. Those non-audit tasks could include workforce training, management mentoring and evaluation, facility inspection, etc. In addition, this change will reduce by about 50% the number of audits performed per person in a given time period.

My concerns are as follows:

•  Supervision of the HES Superintendents (especially assignment, evaluation and compensation determination) by an operations manager, safety manager, or someone under their supervision, could constitute auditee control of the audit program, and a thwarting of the principle of auditor independence.

•  The addition of non-audit tasks to auditors’ work seems to open possibilities for audit conflicts of interest. Since HES Superintendents will participate materially in the ongoing safety management of the company, their independence and impartiality as safety management system auditors would be subject to question.

•  The 50% reduction in number of audits per auditor would result in dilution of auditors’ audit experience and therefore their expertise, leading to attenuation of the company’s capability to audit expertly.

In terms of the principles of management system auditing, are my concerns valid?

Do you know of other instances of this part-time-auditor approach being used in high-risk industries?

Any comment on the wisdom of this proposal?

Occasionally, multiple experts offer their expertise and viewpoints to assist quality practitioners.

Bill Aston’s take:

A: You’ve mentioned valid concerns that should be assessed by top management prior to restructuring their organization’s audit program.  As I understand your concerns, they include two primary items:

1.    To ensure that the restructure of the audit program continues to provide auditors with independence, objectivity and impartiality from the processes and process owners to be audited.

2.    Potential result of a 50% reduction of the number of audits conducted per auditor diluting auditor experience and expertise.

With regard to the first item, this is a matter that top management should thoroughly evaluate to ensure that the requirements of ISO 9001:2008 — Quality management systems — Requirements, clause 8.2.2b internal audit, continue to be met. This clause requires that: “The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.”

In addition, although the requirements in ISO 19011:2011 – Guidelines for auditing management systems are not auditable requirements, section 3.1, Terms and Definitions (note 1), does mention the need for ensuring internal auditor independence.

The key point is that your organization’s registrar will most likely look very closely at how the audit program has been restructured to ensure that auditor independence, objectivity and impartiality have been maintained.

Regarding item number two, although maintaining an auditor’s level of expertise and experience is important, the primary purpose of internal audits is to assess the effectiveness and continual improvement of the quality management system and its processes. If maintaining auditor expertise and experience becomes an issue due to the reduction in the number of available audit assignments, management should consider adjusting the number of auditors needed to meet the actual workload.

As you’re aware, ISO 9001:2008 requires internal audits to be conducted at planned intervals, but it does not prescribe any frequency for performing audits.  So this area is strictly a decision that must be made by each organization to meet their own specific requirements to ensure the continual improvement of the quality management system (QMS).

In summary, ISO 9001:2008, clause 5.4.2b Quality management system planning, requires top management to ensure that the integrity of the quality management system is maintained when changes are planned and implemented.  This includes the restructuring of processes such as the audit program.  Internal audits are one of the most important tools that an organization has to assess the effectiveness and continual improvement of their quality management system.   Therefore, it’s essential that the personnel performing these audits are trained, experienced and independent of the area being audited.

It has been my experience that there are few organizations that maintain a staff of full-time QMS auditors. Most organizations utilize staff personnel who are familiar with the processes to be audited and have been trained and are experienced as auditors. Although they perform audits, this is usually not their only responsibility. However, in some cases, large organizations may have one or two full-time auditors who function corporate-wide and are supported by trained and experienced staff personnel on an as-needed basis.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Thea Dunmire’s take:

A: Given that this question involves audits of a safety management system rather than a quality management system, the more applicable standard would likely be OHSAS 18001:2007 Occupational health and safety management systems – not ISO 9001:2008.  However, OHSAS 18001 also specifically states – “Selection of auditors and conduct of audits shall ensure objectivity and the impartiality of the audit process.”  Although OHSAS 18001 does not include the statement – “Auditors should not audit their own work,” that is definitely true.   As a general rule, auditors should not audit activities for which they are responsible or accountable.

It is common for organizations to utilize individuals as internal auditors who have other staff responsibilities.  Few organizations have dedicated environmental, health and safety management system auditors.  Most internal environmental health and safety (EHS) auditors have other responsibilities.  In addition, based on surveys conducted by the Auditing Roundtable, the overall management of the EHS audit program is often located within the EHS department, not in a separate internal audit function.  This can make ensuring the independence of the EHS audit program very challenging.

The important question isn’t whether specific individuals are auditing full or part time. Instead, it is whether all of the auditors utilized within the audit program have the appropriate independence, competence and resources to conduct the audits they have been assigned.  Independence I have discussed above.  By competence, I mean the general knowledge and skills needed for management system auditing (as set out in clause 7.2.3 Possess appropriate knowledge and skills of ISO 19011) as well as technical expertise appropriate for their audit assignments.  By resources, I mean that there is sufficient support, including adequate time, to conduct the individual audits needed to meet the objectives established for the audit program.

Identifying the resources needed for the audit program is one of the key responsibilities of the person assigned the role of audit program manager (as set out in clauses 5.3.1 Perform audit program management tasks and 5.3.6 Identify program resource requirements  of ISO 19011:2011).  Lack of adequate resources is a common weakness of many internal audit programs.  Often, internal audit programs have very broad and expansively-stated objectives, but lack the resources needed to achieve these objectives.  It is the audit program manager’s responsibility to point out this disparity to top management.  The solution is for top management to either adjust the objectives of the audit program, taking into account the policy commitments made by the organization, or provide more resources for the internal audit program.

A key requirement of a safety management system is identifying the organization’s legal and other requirements to which it subscribes.   These identified requirements must be taken into account when establishing management system programs and procedures.  This includes any legal obligations associated with establishing and maintaining internal audit programs.  For example, for organizations subject to the BOEMRE regulations (offshore oil and gas), the Safety Environmental Management System  (SEMS) regulations require that auditors be qualified and independent (see 30 CFR 250.1926).  Legal requirements, as well as the commitments made by the organization in its occupational health and safety policy (or its sustainability reports), must also be taken into account when identifying the resources needed for the EHS audit program.

Internal audits are one of the important ways of assessing the effectiveness of a management system.  The audit program itself should be reviewed to determine its effectiveness in accomplishing this task.  Changes can, and should, be made to internal audit programs but the potential impacts of proposed changes need to be fully assessed in light of the organization’s policy commitments and its legal obligations.

Here is a link to the Auditing Roundtable survey results I mentioned: AR Member Survey Results – Organizational Location of the EHS Audit Program

Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc.
http://www.enlar.com/
Largo, FL

Jim Werner’s take:

A: This is indeed a unique question.  I read and re-read this question over and over, and I have come up with the same opinion – “it depends.”  I am assuming “audit” is referring to an independent review of the quality system.  Some places use the term “audit” to mean an inspection activity.  If the past audits have consistently demonstrated the effectiveness of the quality system, then it is appropriate to reduce the number and frequency of the audits.

As far as the re-organization of the staffing of the auditing function – this is a management decision.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor

Defining Qualification, Verification, and Validation

Q: I understand the hierarchy, but I would be hard pressed, if asked, to give a clear definition of the terms: qualification, verification, and validation. Can one of the experts help explain these terms? Thank you.

A: This is a great question and I hope I’ll be able to help you.

To begin, I refer you to ISO 9000:2005 Quality management systems – Fundamentals and vocabulary.  As you may already know, this document is used to define/describe many terms used in the ISO 9000 series, including the three words you question.

In 9000:2005, under clause 3.8 Terms relating to examination, we find:

3.8.4 verification
Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
NOTE 1  The term “verified” is used to designate the corresponding status.
NOTE 2 Confirmation can comprise activities such as
– performing alternative calculations,
– comparing a new design specification with a similar proven design specification,
– undertaking tests and demonstrations, and
– reviewing documents prior to issue.

3.8.5 validation
Confirmation, through the provision of objective evidence, that the specified requirements for a specific intended use or application have been fulfilled
NOTE 1 The term “validated” is used to designate the corresponding status.
NOTE 2 The use conditions for validation can be real or simulated.

Validation definition, as provided by ASQ's Quality Glossary.

3.8.6 qualification process
Process to demonstrate the ability to fulfill specified requirements
NOTE 1 The term “qualified” is used to designate the corresponding status.
NOTE 2 Qualification can concern persons, products, processes or systems.
EXAMPLE Auditor qualification process, material qualification process.

I’ll try to expand on these definitions in hopes of making things a bit more clear.  Keep in mind that qualification, verification, and validation are individual processes, but the explanations below (from Boston Scientific) should help you recognize their individuality as well as their interdependence.

Validation is an act, process, or instance to support or corroborate something on a sound authoritative basis.

Verification is the act or process of establishing the truth or reality of something.

Qualification is an act or process to assure something complies with some condition, standard, or specific requirements.

For example:

A design verification verifies that a frozen (static) design meets top level product specifications.

A process validation validates that the on-going (dynamic) manufacturing process produces product that meets product/print specifications and consists of installation qualifications, operational qualifications, process performance qualifications, a product performance qualification and perhaps process verifications.

An installation qualification qualifies that equipment was installed correctly and is a subset of a process validation (or possibly a test method validation).

Validation Examples:
• Design validation, sterilization validation, test method validation, software validation, and process validation.

Verification Examples:
• Design verification and process verification.

Qualification Examples:
• Installation qualification, operational qualification, process performance qualification, product performance qualification, and supplied material qualification.

After reading all of this, I am confident you would be able to explain qualification.  An old and trusty phrase to help summarize the other two is: Validation – Are we producing the right product?; Verification – Are we producing the product right?

Bud Salsbury
ASQ Senior Member, CQT, CQI

ISO 9001 & Time to Retrieve Records

Q: I am looking for an interpretation for ISO 9001:2008 Quality management systems – Requirements, clause 4.2.4 Control of records: “Records shall remain legible, readily identifiable and retrievable.”

What is considered readily retrievable (i.e., 24 hrs, 48 hrs, 8 hrs, 1 hr)? I have a customer who thinks traceability records should be available within an hour of a request. I interpret readily as 24 hrs. The current ISO and TS specifications do not indicate a time, so a reasonable time to me is 24 hrs to pull the information together.

In addition, the customer’s supplier requirements also do not have any specified time for document retrieval. I did contact our third-party registrar auditor and he indicated that 24 hrs would be considered readily retrievable as long as there were no customer specific requirements.

A: There appears to be some confusion between records being “readily retrievable” vs. a customer’s request for the delivery of copies of records.  These are two separate issues.

The first issue:  What is meant by “readily retrievable?”  ISO 9001 does not prescribe any specific timeline or define the term “readily retrievable.”  However, the intent of this requirement is to ensure that objective evidence is available to provide proof of conformance or evidence that requirements have been met.  If the organization is unable to provide records upon request during an audit, the auditor will very likely document this as a nonconforming condition. Records must be available upon demand.

The second issue is response time to customer requests for records.  Although records or evidence of conformance may be “readily retrievable” within the organization,  the response time needed for an organization to provide copies of records to a customer may vary based upon the organization’s work load and availability of resources.   So, it may take an organization an hour, a day or a week to deliver copies of records to a customer.  In the event that the timely delivery of records is critical, requirements for the delivery of records should be stated in a contract or in a PO to provide a timeline or a delivery schedule.  The delivery of copies of records or documents to customers is not addressed in ISO 9001, clause 4.2.4.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 and CMMI Certifications

Manufacturing, inspection, exclusions

Q: Our company is working toward certification to ISO 9001:2008 Quality management systems – Requirements and Capability Maturity Model Integration (CMMI) certifications.

I have studied  ISO 9001 and mapped it to CMMI goals and practices. It appears to me that some sections of ISO point to CMMI level 3 process areas and practices, e.g.:

  • Clause 5.6.1 Management review – General relates to organizational process areas
  • Clause 7.2.1 Determination of requirements related to the product is relative to requirements development, which is a level 3 process area
  • A large part of clause 7.3 Design and development maps to CMMI level 3 process areas

My question is:

Does an organization need to be at CMMI level 3 in order to be ISO 9001:2008 certified? I am not saying certified CMMI level 3, but capable of performing at CMMI level 3?

Thank you so much.

A: Although the guidelines contained in CMMI may help to prepare an organization toward ISO 9001 certification, there are several major differences between CMMI and ISO 9001.

ISO 9001 is an internationally recognized standard for quality management systems, while CMMI is a Carnegie Mellon University registered trademark.

ISO 9001 has specific requirements for documented procedures for the control of documents, control of records, control of nonconforming products, internal audits, corrective actions and preventive actions.  In addition, a quality policy, measurable objectives, and management reviews are required.

CMMI is focused on process improvement, while ISO 9001 focuses on customer satisfaction, process improvement, product conformity and the continual improvement of the quality management system. An organization could be CMMI certified or “capable” as mentioned in the inquiry, but still be some distance away from readiness for ISO 9001 certification.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Here’s more information about ISO 9001.

OHSAS 18001 and ISO 9001 Work Environment Requirements

Workplace safety, OHSAS 18001, work environments

Q: We had the opportunity to get the certification for OHSAS 18001:2007 Occupational health and safety management systems — Requirements. While looking at the clause interaction between ISO 9001 Quality management systems – Requirements and OHSAS 18001 given at the end of the standard, I did not find any interaction between the standards for clause 6.4 work environment in ISO 9001.

Am I missing anything or is there any reason for it?

A: I am a U.S. Technical Expert for ISO 9001 and associated  quality management system (QMS) standards and have been involved with QMS standards since 1975.

In my opinion, the answer to your question is that the developers of OHSAS 18001:2007 did not feel that ISO 9001 clause 6.4 related to 18001. This, incidentally, I find puzzling.

The requirement in ISO 9001:2008 Quality management systems – Requirements clause 6.4 reads: “The organization shall determine and manage the work environment needed to achieve conformity to product requirements.”

In other words, you should make sure that your employees have an adequate work environment for producing your products. They should have adequate room temperature, lighting, etc.

The 2005 report: Integrated Management Systems (IMS) – Potential Safety Benefits Achievable from Integrated Management of Safety, Health, Environment and Quality (SHE&Q) from Environment Directorate, Organisation For Economic Cooperation And Development, Paris, includes the following which might be of interest to you:

“OHSAS 18001 and National Standards

During drafting of the original BS 8800 a major division of opinion arose as to whether or not independent assessment and certification of an organisation’s OSHMS should be encouraged, as for QMS and EMS.  Some viewed such certificates as valuable, particularly in the context of effective supply chain management, others believed that existing certification processes: added minimal value, required excessive resources and resulted in unused manuals – so new certification processes should be resisted.  It proved impossible to reconcile these views within BS8800, which was structured and published as a non-certifiable standard.

As a result, an international consortium of certification bodies, including the commercial arm of BSI, produced the OHSAS 18001 specification in 1999, followed by implementation guidelines OHSAS 18002 in 2000.  Neither document is an official British Standard, but OHSAS 18001 either is, or is likely to become, a national standard in other countries, notably in Pacific Rim.  A recent survey by BSI identified that over 8000 OSHMS certificates have been issued in 70 countries, to many different standards and guidance, and that some 46% are to OHSAS 18001.

With the revision of BS 8800, from which it is derived, it might be presumed that OHSAS would be updated automatically.  A review is indeed planned, but the decision on when to publish a revision will take into account other factors, including the needs of current new users to have time to ‘bed down’ their internal processes before revising them to meet an improved standard.  When a revision is agreed, it is likely to include some alignment with other high-quality national standards such as AUS/NZ 4801, to aid recognition as a truly global standard.

A new US standard was published in 2005: ANSI/AIHA Z10 – Occupational Health and Safety Systems.  The format includes both a standard and associated guidance, but is not intended as a basis for certification.  It is fully compatible with ISO 9001/14001 and takes account of the other national/global OSHMS documents outlined in this section.”

OHSAS 18001:2007 is not an ISO standard. It appears to be simply an update of OHSAS 18001:2000. Its development was driven by the British Standards Institute which publishes the standard and profits directly from its distribution and sales.

Part of the answer to your question is to evaluate for yourself:

1) Why did you go to the expense to be certified to 18001:2007 and who were the customers that you were satisfying by doing this?

2) What is the expectation of these customers?

From a practical standpoint, consider embracing the concept in ISO 9001 clause 6.4. I would expect that providing your employees adequate conditions for producing products can only improve your product offerings and help to enhance customer satisfaction.

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)

ISO 9001 Management Representative and Reporting Structure

Inspection, Management, Management Representative

Q: Please define the preferred method of meeting the requirements of the management representative in regards to clause 5.5.2.b in ISO 9001:2008 Quality management systems – Requirements.

My organization has reorganized, and I find the role of management representative somewhat detached. I work for a military organization that would like this role to be several layers below the base captain vs. the open door policy for the management representative used by previous commands. Should the management representative have direct access to the top?

A: There is no defined or preferred method for addressing the reporting arrangement for the management representative to top management. Your organization defines and deploys the approach that is workable for the management representative to report to top management.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author
