- About Us
- Our Services
By Michael Haycock, Sr. BRC Quality Consultant
There appears to be real hesitation about changing to the new standard – ISO 9001:2015. We understand the responsibility for maintaining your QMS takes a lot of time and effort. Then – those people who are distant from the actual work and practices decide that it is time for a change. The “gnomes” in Switzerland have been busy again. Actually, these are real people just like you and I (I think) who are identifying what are considered to be global “best practices” – and to have their approval – we have to carry out their expectations.
Our words of encouragement are:
Here’s a start…
The standard is the premise for your QMS (Quality Management System) so use it. I have most frequently taken the “Standard” and blended it into a “Policy” Manual. First it clearly identifies what needs to be done – and ensures all requirements are covered. Second it provides a clear map to the actual detailed activities covered by your procedures, work instructions and any related documentation.
Now I hear voices (harmless) that a Quality Manual is no longer required. True – but what is required and what is useful may be different. While a “Policy” Manual is often a close reflection of the standard, the intent AGAIN is to provide direction. Especially with all the structural changes – how will that work for you? My suggestion is to keep much of the documentation you have in the form of procedures and work instructions “the same” or almost, and use the Quality Manual to point to how the requirements will be covered.
Reference to SOP
5.1 – 5.6
SOP – 5
5.1 – 5.3
SOP – 5
6.1 – 6.3
“SOP” stands for Standard Operating Procedure if you had one. My example is not an exact “one for one”, but the intent is to show we can keep much of what we’ve already done, and change and enhance whatever else is necessary. A procedure that would cover one requirement in the past could now be used to cover multiple sections – because of the structural change.
While words “procedures” and “records” are no longer specifically used, this is how most of us “humans” have identified documentation since 1987 – and will continue to do so.
There is a high level “Process Representation” of the structure of ISO 9001:2015 in the standard on Page viii. This could be a starting point for identifying processes. You may also keep much of what you already have done in process identification and add to what may not be clearly covered or needs to be enhanced.
This means the methods to identify processes – through process mapping, flow charts or your “historical” procedures – are your choice. While process mapping has been “pushed” (and I believe it is a good tool), there is no one right way. What is right is what works for you and what resources you have available to carry out these activities.
Since you must identify your processes anyway, have a “process owner” identified (make this part of your Section 5 “Leadership” requirement). Once you have your processes laid out to the extent and detail necessary for your organization, use this as the starting point to identify and address risk. There are some complex tools and simple tools available to “articulate” what the risk may be and what controls may be necessary depending on the threshold the organization has established for itself. (I’m more of a “simple tool” person myself.)
While the significance of the risk is important, I believe what is most important is the actual identification of the risk in the first place. (A “risk” not identified will almost certainly be a risk not managed.) There are many ways these activities may be addressed – I always look for what is useful, practical and beneficial to the organization.
There is a bit of effort involved with this, but with a linkage between the old and the new this then allows you to know what you can keep, what can be modified, and finally what is new to be added. This is also the time to change what and where the organization feels there is value to be gained.
The quite radical change in structure and wording (not using procedures or records) has probably caused more concern than should be necessary. There are a number of activities that are clearly identified that would have been covered in the past, but most frequently unspoken or not specifically documented. We don’t want to overload, so we will try and provide an article with each review that will identify and hopefully “demystify” (I don’t get to say that much).
There is certainly much to do – we’ll work to help make it understandable.
… and our antelope and lion? We need to be running now more than ever – probably sooner and faster.
On the vast plains of Africa, the sleek, agile antelope beds down for the night, knowing that in the morning, to survive, it must run faster than the fastest lion or it will be eaten.
On the vast plains of Africa, the powerful and majestic lion beds down for the night, knowing that in the morning, to survive, it must run faster than the slowest antelope or it will starve.
To survive, you know one thing for certain. Whether you are the lion or the antelope, in the morning “you’d better be running!”
Hoping you can settle a difference in opinion. When completing an audit, we identified that we were not meeting our performance target in a particular process.
My co-worker’s stance is that it warrants an NCR, as it is a self-imposed requirement. My stance is that it is a target, not a requirement, and that not meeting it does not warrant an NCR.
Can you provide some guidance?
One is never wrong to initiate an NCR when a process has not achieved its intended outcome. At the same time, it also depends on the process which is being measured. If the target concerns a personnel performance target, then an NCR is not appropriate. If we are dealing with a target for process effectiveness or efficiency, I would seriously consider raising the NCR, if only to reinforce the need for process improvement to senior management.
If this is addressed as part of management review, as a specific agenda topic, then no NCR is required.
Hope this helps!
- Ted Uffen, BRC Quality Consultant
By Ted Annis, BRC President
“Improvement” is one of the 7 (now modified) quality principles outlined within ISO 9001:2015, and is a fundamental component of any management system. We often see organizations making a commendable effort to improve processes, procedures, products, etc. Unfortunately, we also see some companies that are paralyzed by the process. The intent and effort is there, but while searching for a perfect solution they miss many opportunities for incremental improvements.
Do you recall the “Leaping Frog” problem from grade school math? A frog starts in the centre of a pond and tries to hop out, but each leap covers just half the remaining distance to the edge of the pond. Will the frog ever reach land? The answer, of course, is “no”. Although in time he will come frustratingly close, he will always leap just half the distance and will never reach his goal (unless we use university math, which I long ago swore not to revisit).
In the quality business, we work on a similar principle, but with a strikingly more optimistic outlook. Though our poor amphibian friend has an absolute objective (the shore or bust!), in quality we set improvement as our goal and understand the value of taking incremental steps forward.
An effective improvement process does require some structure, but when it comes to the goal of having a positive impact on your business, our Nike-like message is to “just do it”.
We’ve identified 6 key elements that you can use to help shape your improvement strategy. In this issue, we’ll look at the first 3…
1. Understand “Continuous” vs. “Continual”
In previous editions of the ISO 9001 standard, the operative term was “continual improvement”, and for many years we have encouraged organizations to note the difference between the concepts of “continual” and “continuous”. These terms are often used interchangeably without harm, but there is a subtle difference in meaning that can help to illustrate the point. Continuous is defined as “uninterrupted in time”, while continual means “of regular or frequent recurrence” – one long, ongoing effort vs. many independent actions.
The effort to improve should be continuous, but when it comes to actions supporting our QMS, we should be continually doing things (big and small) to make improvements.
Make sure that your approach/process/procedure is focused on doing things. It’s great to have systems, plans and elaborate procedures that are “continuously” in use, but real improvement comes through “continual” action and the repeated implementation of good ideas.
2. Set Goals (Objectives) and Take Steps
Of course, in Quality Management we are also quite big on setting goals and objectives. A Health & Safety target of zero lost time incidents in a calendar year may or may not be practical or reachable (depending on the organization), but certainly there is value in setting it and striving to reach it. It is important to remember that there is no silver bullet solution that will attain the objective. Searching for a grand solution may very well distract you from implementing smaller improvements, each imperfect on its own but still of value and an important part of the long-term effort.
3. Avoid Perfectionism as a Hindering Behaviour
While setting an objective of perfection is good practice, we must be on guard against perfectionism in the implementation of solutions. Perfectionism in its positive form motivates us to continually raise our standards and strive to improve both ourselves and our organization. Perfectionism in a negative form includes the belief that any work or output that is less than perfect is unacceptable, and often leads to the dismissal of very good ideas and solutions…on the grounds that they are not perfect.
Here are some signs to help you identify unhealthy perfectionism within your organization or QMS:
In Part 2 (coming soon!) we’ll share more suggestions and strategies to help with improvement. Visit our blog at www.thebrc.ca/category/blog or watch our next newsletter for more.
The CEO of a toothpaste factory was made aware of a growing problem: they were increasingly shipping empty boxes, without the tube inside. Concerned about customer satisfaction, the CEO assembled his top management team, which decided to hire an external engineering company to solve the problem.
The project followed the usual process: budget and project sponsor allocated, RFP, third-parties selected, and six months and $8 million later they had a fantastic solution – on time, on budget, high quality and everyone in the project had a great time. The solution included the use of high-tech precision scales that would sound a bell and flash lights whenever a toothpaste box weighed less than it should. The line would stop and someone had to walk over…remove the defective box…and then press a button to re-start the line.
A while later, the CEO requested an ROI report on the project. Amazing results! No empty boxes had shipped out of the factory, there were very few customer complaints, and they were gaining market share.
“That’s some money well spent!” said the CEO…and then his eyes drifted to the other statistics in the report. As it turns out, the number of defects picked up by the scales after 6 weeks was exactly “0″. It should have been picking up at least 300 each day, so maybe there was something wrong with the report?
The CEO re-submitted the report for further review, and after some investigation, the engineers come back saying the report was correct. The scales weren’t picking up any defects because there weren’t any. All the boxes that got to that point in the conveyor belt were good!
Puzzled, the CEO made his way down to the factory and over to the part of the line where the precision scales were installed. A few feet before the scale there was a $20 desk fan, blowing the empty boxes off the belt and into a bin.
“Oh that,” said one of the workers when asked, “One of the guys put it there ’cause he was tired of hearing the bell and pressing the button!”
Moral of the Story? Work hard to involve your team when looking for improvements. They have a wealth of knowledge, experience and ideas to contribute.
By Michael Haycock, Sr. BRC Quality Consultant
In Part 1 we laid some groundwork by reminding ourselves that emergency and risk management, at a basic level, involves identifying and evaluating risks…and then making plans to prevent, mitigate or respond.
Here in Part 2 we’ll look at a simple methodology to provide just a little structure to these activities…
Review with others in the organization what you would need or expect to accomplish. Perhaps there are small steps needed to begin. Contingency planning and objectives could identify starting points. There is a need to identify the actual or potential risks that face the organization at least at a very high level. Once the overview has been completed the expectation needs to be communicated within the organization.
2) Management Involvement
Recognize the need for the total support of any system by the most senior management. If the value of what is created and implemented is recognized, it will be much easier for management and the organization to support. This can be a challenge – as busy as everyone is – and as clear as the need to be responsible for available funds. The value of course is not just in our preparedness but also in the “due diligence” that comes with practical and legal connotation. We just don‘t let “stuff” happen to us.
Identify the potential of emergencies (risks), and consider a response. Planning should include risk assessment to recognize and allow for the appropriate response.
Every municipality in Ontario is required to have an Emergency plan. Because of my interest, I have actually read some. Most seem based on the same template which is OK, but I have some questions:
Some time ago I was invited to a “local” fire department and the Chief was kind enough to explain the effort that went into their planning. Even when they’re not responding to a fire, car accident, etc – they are preparing. While not usually or easily impressed – I was.
Skills and knowledge of people involved in the system need to be identified to allow for effective participation and response. What are the skill sets necessary to prepare people? We cannot assume. This is like actually expecting the Wizard of Oz to help Dorothy find her way back to Kansas.
There is an interesting “new” requirement” in ISO 9001:2015 – Organizational Knowledge (7.1.6). This is information that, generally, is specific to the organization.
Some years ago a group of us were flying home on a small company plane. There had been and was quite a snowstorm and there was a question of whether we would be able to fly into our little local “country” airport. A major airport was within distance but this would mean renting a car, coming back for the plane, etc, etc. The pilot changed course for the major airport. While there was some inconvenience, I learned later a previous company aircraft had crashed during a similar situation 2 years earlier, when the senior executive on the plane “overrode” the pilot’s decision and had him “try” to land on the “home” field. (Two killed, everyone else injured.) What would seem obvious – the pilot should make that decision – was not. The ultimate inconvenience is not making it home at all.
While most of our work activities are not this dramatic, even a simple structure could be of great use. Incident Command System (ICS) could provide an effective system for emergency management for any organization. Even without the structure of a complete system – the basics would allow for some control in an emergency.
5) Operational Controls
There is a need to provide absolute clarity in your methods of operation. Some controls could come from other management systems that you have in place for Quality, Environment and Occupational health and safety. Controls should be periodically reviewed to ensure the mission and mandate of the organization is supported – and followed. When traveling I often read the local news. There was an article that caught my attention on the response of emergency vehicles. The city council required their emergency response team obey all traffic laws (with some leeway) including speed limits. They had a number of serious accidents involving emergency vehicles. The philosophy changed from speed is of the essence – to arrival is of the essence. (You help no one if you are also involved in an accident.)
6) Core Activities
To identify the essence of emergency (risk) management could include core activities such as:
Preparation – to consider what can be done to prevent, mitigate, respond and recover.
Prevention – to prevent the event or incident from occurring.
Mitigation – to lessen the impact of any event.
Response – actual response to deal with the occurrence (including ICS).
Recovery – clean up, fix up, debrief and lessons learned.
Some of the core activities are different from those traditionally identified – hopefully we have offered some improvement.
7) Evaluation and Checking
To identify the need for a response mechanism when the emergency management system doesn’t work as expected. This could include:
Commercial for profit manufacturing and production, not-for-profit, government at any level, hospitals, hotels, schools, airlines, railroads, etc. – any organization can benefit from clarity in response expectations – especially in the case of an emergency.
Stuff happens. Recently a “sink hole” opened up in downtown Ottawa. (No jokes please.) There was a picture of a van – in the sink hole. This changed traffic patterns (aside from those of the van), travel routes and a considerable increased awareness of the infrastructure requirements. The point is not to be able to prepare to respond to a sink hole – but to have considered how to prepare to respond, in some manner – whether you are municipal government or a business that is not getting its deliveries.
This article was specifically intended for September “Emergency Preparedness” Month. Obviously much of this could also be used in general to address risk requirements now part of ISO 9001:2015. The value should be that even if you can’t do everything, you can do something.
“Be prepared”. What was true when we were young hasn’t lost anything with time.
IATF 16949:2016 has been released and ISO/TS 16949:2009 is now officially in the process of being replaced. In Part 1 of this subject we introduced the What, Why and When…and here in Part 2 we’ll talk a little bit more about How you can make the transition…
The transition process is a team activity (hopefully!) for you and your organization. With the number of changes included in the ISO 9001:2015 standard, plus the automotive specific changes arriving within IATF 16949:2016, the principles of communication and involving others will be more important than ever.
Some key elements/activities that will need to be part of your plan…
The need here is three-fold.
1) To provide an understanding of new requirements to those who will support the transition (including management). What are the new requirements? The biggest changes? How will they affect our processes? How will it affect my role and responsibilities? This group should include those who work with the QMS on a regular basis and/or those who will be ultimately asked to support or approve conceptual and structural changes. Early training on the new standard is the best form of communication, and the best way to garner support where needed.
Look for a 1-Day “Transitioning” course that will focus on the changes from old to new, and consider that management may only need the portions of the training that relate to them (Leadership).
2) To provide required knowledge and tools to those who will make the transition happen. This training starts with a review of the new requirements but continues to offer more depth on new concepts and their practical implementation, as well as hands-on practice with the tools and activities that should be part of your transition efforts. Where do new requirements and concepts arise within your QMS? What are some strategies and techniques to address them? What are the key activities of an implementation/transition project?
This is typically a 2-Day “Understanding and Implementing” course that gives this key group the depth of understanding they need to effectively transition your QMS.
3) To train your internal audit team and prepare them to conduct effective audits once the system is updated.
A 2-Day “Internal Auditor” course will teach the new requirements from an auditing perspective and review auditing skills and techniques. The ideal timing for this training is right when your new, updated QMS is ready for an internal audit, and an extra day or more of Audit Workshops (hands-on audits led by the trainer) will add a practical element to the training and get some audits completed in the process.
This is an audit of your existing QMS against the new IATF 16949:2016 requirements to identify the “gaps” between what is currently in place and what the new standard requires. Some organizations handle this internally while others contract it out to a consulting firm, in which case the key is to get a report that includes enough detail to be helpful with your project planning.
You may, by the nature of how you conduct your business, already be doing some or many of the things required in the new standard. The first important step in your implementation project is to get a clear picture of exactly where you stand…and what needs to be done.
Fill the identified gaps by modifying processes (or adding new ones), update documentation and train employees on changes, then audit to see how well things have stuck. The new standard includes several new concepts that may require new tools and approaches (risk, leadership, documented information, etc.) and this is a common place for outside consultants to offer guidance, advise on best practices, and help to reduce the internal workload.
Get Your Copy of IATF 16949:2016. Visit the AIAG Website to order your copy of the new standard.
Stay Up to Date. Visit The BRC’s Automotive Quality Information page for access to resources and to join our mailing list.
Watch for updated news and announcements. Visit us regularly at www.thebrc.ca for updates and blog posts, and subscribe to our monthly Quality Review Newsletter for insight, opinions, and the latest in quality news.
Train your teams. Dates for training courses for the new TS16949:2016 standard will be available soon! Join our mailing list for info on dates in your area or Ask Us About On-Site Training to have a course delivered at your location.
Consider The BRC for specialized services to assist with implementation. Our experienced consultants can help with Gap Analysis Audits, documentation review and revision, systems/process improvement, and other transition work. Contact Us to learn more.
There is no cost or obligation…and you’ll have access to hundreds of resources, newsletters, blog posts & more.
Click on a resource below to get immediate access…
IATF 16949:2009 Transition Strategy – This 11-page document from the IATF provides detailed guidance on the transition process, including timing, the audit process, nonconformity management, and more.
IATF 16949:2009 Press Release – The IATF’s official press release announcing the upcoming release of IATF 16949:2016 and its relationship with ISO 9001:2015.
IATF 16949:2009 Transition Plan – Released in April 2016, this 11 slide PowerPoint presentation (in PDF format) provides a general overview of the transition timeline and scheduling options.
By Lynn Clyde, BRC Quality Consultant
The ISO 9001 standard is revised every several years to ensure that it is relevant for the marketplace and that it continues to offer the best possible practices for your Quality Management System. The ISO 9001:2015 international standard was officially released in September 2015, and organizations have 3 full years from the date of release to update their QMS to the new requirements. This means that organizations will be required to have their QMS meet the new requirements by September 2018 at the latest, and ISO 9001:2008 will no longer be recognized.
When transitioning to the new version, organizations may consider the following action plan. Keep in mind that this plan is not all inclusive and every organization will be different, depending on the existing QMS that is in place. This is a guideline and the action items do not necessarily need to be conducted in this order, but it is strongly recommended that the first few items be addressed first.
1) Presentation to leadership on the new requirements of the standard. Consider the information in the IRCA white paper “ISO 9001:2015 Understanding the International Standard”. Visit the BRC Resource Library or download a copy directly.
2) Establish a steering committee for the transition to ISO 9001:2015. Hint: this should involve “leadership”. J
3) Conduct a Gap Analysis
4) Determine/clarify context of the organization (4.1).
5) Determine/clarify interested parties and their needs and expectations (4.2).
6) Review/clarify the scope of the QMS (4.3).
7) Review the processes of the organization, ensuring they include the required information for the process approach (4.4). This could also be done later in the implementation.
8) Review quality policy to ensure alignment with context and strategic direction (5.2). Communicate it to the organization – again and again and again….
9) Identify risks and opportunities throughout the organization (6.1, etc.). Consider identifying them for all key processes/projects and significant changes to the QMS.
10) Review quality objectives for alignment to the policy and strategic direction, ensuring they are measured, evaluated and there is an action plan to achieve them (6.2).
11) Consider developing a communication plan for all key communications in the organization (7.4). Note: there is no requirement in the standard to maintain this as documented information.
12) Communicate the requirements of ISO 9001:2015 to the entire organization (7.3). Ensure that all employees understand:
13) Ensure there is a system for addressing change management (6.3 & 8.5.6).
14) Determine/clarify the systems for capturing and maintaining organizational knowledge (7.1.6).
15) Review monitoring, measurement, analysis and evaluation, including customer satisfaction (9.0).
16) Conduct internal audits to the new version of the standard (9.2). This can begin as the new version is being implemented.
17) BRING ON THE REGISTRAR!!
If a sub-supplier is certified to Nadcap but not ISO or TS, how does that affect our relationship and what would need to be done to keep them as a sub-supplier? The sub-supplier has never been ISO or TS certified but a waiver was obtained from the customer to use them in the past.
Good question! There are various accreditation schemes / systems out there, and the relationships need to be explored individually, as each case applies to the overall situation.
As you are aware, “Nadcap” is the National Aerospace & Defense Contractors Accreditation Program, administered by the Performance Review Institute to provide accreditation of various special processes conducted as a service to industry. The AIAG has its own program in the CQI series. As a result, automakers tend to favor that system. Certainly, equivalencies do exist, and a waiver is the appropriate manner of submitting the data required to establish that equivalency.
At this point, I am unaware of any equivalency matrix, or of any cooperation between the two organizations. There are many businesses with which we work that deal in more than one customer orientation – Automotive / Defence / Aerospace, etc. It would be beneficial if an authorized equivalency matrix were to be developed – sadly, none exists, so the waiver is the best course of action for now.
Hope this helps.
- Ted Uffen, BRC Quality Consultant