Thoughts from our own Senior Program Manager, Registrar Operations and Lead Quality Auditor, Pete Kucan
What Does Santa Have Up His Sleeve This Year For Next?
Holiday greetings to all the good little girls and boys who play in the land of ISO Management Systems! Has Santa got a sleigh full of new toys for you! Let’s start with ISO 9001:2015 which looms ever larger over the North Pole as its anticipated publish date of September 2015 gets closer. Santa has heard that some girls and boys have already taken training to the new standard but he cautions them that the final ballot is not expected until July and so it may change before then.
However, one of his “insider elves” has reported that in this new standard, which will have a three year roll out beginning on the date of publication, the process approach to systems management, as well as registrar auditing, will be even bigger than before. Even much more focus on the customer can be anticipated. And there will be an expectation that risk-based thinking will be used at all levels of the business, resulting in preventive action. And preventive action is reportedly going away in its present form. But, the “insider elf” did whisper to Santa that any in-house training by the girls and boys should include ISO 9000 so that definitions of terminology are clear before attempting training to the new ISO 9001.
The EMS Elf has put a present in Santa’s bag too! ISO 14001:2015 is due out next year as well! Oh boy! Its roll-out will probably be three years from publication date too. The EMS Elf said to expect all that process stuff to be prevalent in 14001 along with metrics of performance and goals objectives too! Jiminy Crickets!
And Santa has not forgotten all those aero girls and boys. He may not have a new AS 9100 management system standard for you this year, but don’t cry, as he has gifted all the good little Aero Auditors with a New Methodology with which to perform Aero Audits called AS9101E. They all get to play this game by July 2015! The Aero Elf has been sure that this gift includes much more emphasis and use of process auditing and has given the PEARS a dose of Holiday Steroids. So all those aero girls and boys might want to study a copy of the AS9101E so as to prevent getting coal in their stockings from their friendly aero auditors.
So be sure to have a happy holiday and get ready for an exciting New Year! Thanks Santa! We owe ya!
Lest You Feel Neglected
Believe it or not, and to our own personal surprise and delight, our blogs are read by an incredible number of people and sometimes even generate commentary. This was true of our recent blog titled "Delusions of Readiness" wherein we discuss the Aero Industry’s dismay over "soft grading" of nonconformances.
The particular comment that caused us pause was from the representative coach, chief cook and bottle washer for an ISO 9001 registered client who has a rather vigorous management system. "So why is it that you write that the Aero Industry alone is concerned with soft grading? Shouldn’t the entire registered community be held to the same expectations?"
Well, of course. And I actually DID write in the blog not to "be surprised if this mentality flows into other non-Aero standards as well," but I understand and, frankly, applaud the question. I suppose the implication is based on the Aero Industry vocally and visibly raising the sector-specific bar of expectation while, by comparison, ISO 9001 tends to cover such a large base of industries that a similar sector-specific voice would be difficult to find.
So, I recommend that rather than wait for there to be an outcry of similar vision from the customers of ISO 9001 registrants, that raising of the bar in the ISO 9001 world has to start at home. You, dear reader, have the power to set expectations for your particular registrar and auditor. If your audit is the victim of a soft grading auditor (even though no one would argue the exhilaratingly short term rush in response to formal corrective action avoidance), you must seize your right and raise complaint to your registrar. (I know: you think I have just lost touch with my senses, but you ARE the customer and you ARE paying for the audit service that should provide beneficial outcomes.) So, in closing and in response to the bottle washer, Gandhi said it best: "Be the change you want to see in the world." or at least, the change you want to see in your audits.
You have heard of March Madness? Fantasy Football, perhaps? Well, I have a new one for you – Fantasy Management. Every now and again, I get to be the “pesky auditor,” out there in the trenches, serving clients with scrutiny and smiles. At a recent client surveillance audit (now this client has always been a curve distorter: engaged top management, executive staff and production workers, excellent processes, good adherence to said processes; actually living the system! So the rest of the story should not surprise you, but I nearly flipped!), I discovered that the visionary quality manager had engaged one of his top inspectors into the internal auditor team. The manager also created a process-based internal audit schedule that actually included customer focus / satisfaction as a process to be audited.
So, when the seasoned inspector was auditing top management, she called them on commitments that had been made in management review two years prior that had yet to be adequately completed. She even rejected top management’s first response as inadequate! Naturally, we may all sit here in awe of the quality manager who envisioned this audit, and certainly of the auditing inspector who declared her worth, but my pick is the top management official who not only expects deep scrutiny in the company internal audits, but permits it of himself! Fantasy management – we have all longed for it somewhere in our careers! I promised him that I would not use his name for fear of his safety when other managers hear of this! Nevertheless, it was great to find this terrific organizational maturity with ISO 9001 among our family of companies!
PS: the auditor also gave him an opportunity for improvement. Consider: in addition to a satisfaction survey of the top 20 customers, also surveying brand-new customers who represent potentially large accounts! We should all have such perceptive auditors!
2013 My Head is in the Cloud
It began innocently enough. Sitting there across the desk from an eight month new engineering employee at one of our favorite clients, I asked the open ended question about what he liked about his work. He explained, with ample youthful enthusiasm (which I have observed more often than not these days is usually attached to some form of, at least to me, new technology) that he appreciated the opportunity to continue his work during the home hours via saving his work on his office computer to a downloaded Microsoft product called Dropbox. This made it easy to access his newly altered work at home on his computer via the same software. Technical neophyte that I am, and driven by Control (and, oh by the way, Protection) of Records paragraph 4.2.4, I naively asked “…and where does Dropbox store these things?” Smiling confidently, he replied “The Cloud, of course!” The Cloud of course?!?! And who controls The Cloud? Who backs up The Cloud? Who protects The Cloud? My brain was racing.
Call the IT guy! I have a question or two for him. So Mr. IT, what can you tell me about employees possibly vaporizing company files into The Cloud? As near as I could tell, Mr. IT’s reaction was a close facsimile to Anaphylaxis Shock. The Cloud!? No IT guru worth his salt would permit such a blasphemy! “But nay” he affirmed. “This would put our files at risk and it would be against IT policy!” (I did not have the heart to tell him that in order to accomplish this, the kid had downloaded Dropbox to the company computer, the highest anathema to the Rule of IT Order.) This, then, started a lively discussion concerning eager and resourceful, technologically talented employees and the onboarding process of the same that should teach them the dangers of such record or data storage, record control, protection and the potential opportunity of an ITAR violation, and even the possibility to incorporate of such tools to the Rule of IT Order. Nevertheless, this might surely be a topic of food for thought and investigation by you, dear reader, lest the Pesky Auditor uncover your horizon fraught with cumulonimbus storms brewing undetected by your IT Weatherman.
So what have we learned with AS9100C?
Just when you thought it was safe to schedule your next AS9100 audit, you remember that it will be to AS9100C. While there are enough changes in the standard to make one sit up and take notice, what surprised me was the amount of instructional content that was captured, and many times overlooked, in AS9101D, the new checklist that was not a checklist. No doubt countless hours were spent devising this tool to take aerospace audits to the next level of effectiveness. What should have been of interest to all auditors and auditees first was Section 4 Auditing and Reporting. Here one found the reasons behind the new audit methodologies but more importantly, what should have been experienced once the auditor came on site to perform an assessment, re-assessment or upgrade audit to AS9100C. You discovered that there can no longer be a Stage 1 document review and audit planning session right next to a Stage 2 assessment audit, days back to back. There had to be an amount of time between the Stages so the client can repair any issues discovered during the Stage 1. The Stage 1 audit also included an onsite visit as part of the audit. This involved the review of the documents and should have included a tour of the facilities so that the audit team could gain a greater understanding of the organization’s processes, equipment, areas, products and state of readiness in preparation for their Stage 2 audit. Generally, the length of time for an upgrade audit should have been about the same as that for a reassessment, even if performed during a surveillance audit. In retrospect, hopefully the AS9100C registration or upgrade audit was not as painful as predicted and by now has become a new rhythm within your company…..awaiting AS9101E……did I say that?
Delusions of readiness
So you think your registrar Aerospace auditor is tough, put on your seatbelt and raise your tray tables because there is turbulence ahead! It appears that the ultimate customers in the Aero ranks have made it clear that they have not been a happy lot with regard to the oversight of auditor performance in the past. Perhaps your regular auditor has previously seen a singular finding and, to your relief, looked away not writing you up? A-HAH! You have been an unknowing victim of what the industry is now calling “soft grading”. How did it feel? Pretty good, huh? Well kiss those days good bye as all Aerospace auditors have been instructed to soft grade nevermore. And don’t be surprised if this mentality flows into other non-Aero standards as well. Let’s face it statistically. If in the small sample that your auditor selects to verify your compliance on an issue s/he finds an error, then, statistically speaking, there are more where that one came from! By not writing it up, there just may be a chance that you might be busy enough not to get back to fixing the problem, or see if it is a more systemic a problem. So, if you get that singular finding, fret not! Just be sure to look around for more like it and perhaps save yourself some trouble in the future.
Excuse me, Mr. Whipple?
I have sat silent long enough. I have seen this behavior manifested in enough organizations that it is either chronic or a conspiracy. Are you a member of an organization that is registered to one of the derivatives of the ISO 9001 standard? Are you a member of the quality organization? Worse yet, are you the quality leader……or might I further risk…… Management Representative? Then I bet you may be anxious to join my newest commiseration therapy group. I call it The Rolls of Charmin. You know, the soft, fluffy, two ply stuff? Well, if I have seen it once, I have seen it a thousand times. Organizations, and most likely their Top Management as well, seem to be of the notion that if it has to do with ISO, customer complaints, corrective actions, preventive actions, internal audits, management reviews, goals and objectives, nonconforming product or, yes, competency too, then it MUST belong to the Quality Department! To them I say, buy a paper and come to town! This must be corrected, but I don’t see the “Rolls” having the power to do it. So, after much soul searching, I offer every Management Representative a solution. When your pesky auditor visits, get her aside and tell her it is your expectation that she will drive home, at every opportunity, the correct notion that the quality department is to FACILITATE the ISO process and its parts, and not be the chief cook and bottle washer. Tell the leaders, tell the workers, tell Top Management! But set it as the expectation of the auditor….for continued registration! If your auditor can’t deliver this in a convincing way, then either get another one, or renew your membership in the Rolls of Charmin, because you have earned it.
When is Safety Equipment Hazardous to your Health?
Unlike what one would suspect, auditing a client need not be limited to the confines of the checklist, standard and report. In order to have an effective outcome for all parties, it behooves the auditor to create an atmosphere of partnership and empathy such that the client is trusting and open in communication. How better for the client to come to understand correct interpretations of the standard than during lunchtime discussions? When else does the auditor come to learn of the client’s hobbies, political opinions and children’s extra-curricular activities? At what other time could the auditor hear the stories of company legends? You know - legends! Every company has had them! They are the folks who have had personality quirks or specific instances of behavior that have left them part of the company historical fabric forevermore! Well, call me lucky, but I just heard of one chap whose incident tops them all. We are all familiar with those foam ear plugs that many companies provide to protect their employees who are exposed to high levels of noise. Apparently this chap needed clearer instruction as to their insertion as he utilized a cotton swab to push them in each ear…until they were invisible to the eye and certainly not retrievable! This creativity to insure that his ears were most protected resulted in an incident report that had to explain how the safety equipment was hazardous and a trip to the hospital. Imagine the corrective action! You have seen them before; labels instructing you to remove baby before collapsing stroller? Or perhaps it is best explained by a cube posting in another area of the same company attributed to the late actor John Wayne: “Life is hard. It’s harder when you are stupid.” You have got to love company legends.
In Humor Ye Shall Flourish
Registrar clients come in all shapes, sizes and temperaments. Some are nervous. Some are worn out. And then, you come upon one who doesn’t mind findings. They actually look upon them truly as ways to improve their work lives. Well, I have such a customer. Not only do they have a great cooperative spirit, and top management is very engaged and supportive, they have a stealth editorial cartoonist on their staff. No, that is not their real job. They just have a real knack for capturing the moment in a glance, with a good dose of wicked humor. Take the time that I had a generous amount of findings in the calibration area. The next day, I receive an email with the editorial cartoon attached. Here is a boat that is half submerged like the Titanic, mid-sink. A huge cannon ball hole is visible on the bow as the ship takes on water. Somehow the cartoonist obtained a smiling photograph of me and gingerly placed my head on a comic pirate figure – skull and crossbones across my chest and sword in hand. A tattoo of an anchor rests on my sword arm. (Doesn’t every auditor appreciate attention to detail?) At the elevated end of the S.S. Calibration are head shots of the management rep and two cal lab co-conspirators, grasping the railing feverishly as drops of sweat form halos around their heads. Oh yeah, the sail has been ripped to the rings and seagulls fly in the distance. What a compliment to be so famously captured in artwork! Just goes to show you that you can survive and ISO audit, deal with your findings, enjoy the experience and look forward to the editorial comment. Wonder what a monitoring and measurement finding would look like ?
Process Audit Internally….Really?
So here we are, some of us upgraded to the new AS standard of our choice, some of us not. Some of us are feeling pretty smug, and some of us hearing the deafening tick of the clock as we approach July 1, 2012. Regardless, there are internal audits to be done, and rumors abound that they, too, must be done as process audits. So does that mean another training class to attend or just a step back and do a common sense approach? Consider this: AS9101D has two documents that can facilitate this for you if you can distinguish your sub-processes from one another. If you can’t, then dig out those turtle diagrams or SIPOCs and get to work. Otherwise, check out the PEAR form which sets out to reveal inputs, areas of the standard that apply to the process, and outputs by which you can measure effectiveness. Toughest part is determining a numerical or percentage metric for that score keeping. But once you have it determined, all you have to do to measure effectiveness is seek out the actual measurement and compare! You can use the OER to re-examine the process for its applicable adherence to the standard paragraphs. And finally, you can summarize your findings, both good and bad, on the Quality Matrix. Tah-Dah! Internal process auditing! And what is really neat is that you can perform it on as minor or major a process as you like. But most importantly, you should use these tools to audit your processes at a depth that your pesky auditor does not have time to do. So what are the chances that you, too, can be the first on your block with limited findings at your next surveillance audit?
Modern Audit Linguistics
So have you been wondering where the English language is headed? I am speaking about the new phraseology being used by all those who are too cool for their own mittens. I mean, oh, like, “my bad”. Exactly what does that mean, from where did it come and who in blazes let it in? But I am hearing it more and more and, call me a senior citizen wannabe, I am doing my best not to succumb to its usage. I give credit for the first time I heard it to the youthful attendant at my local wireless phone provider, where in order to be an employee I think essential competencies include multiple piercings and certainly a tattoo or two. So when she erred and said “oh, my bad”, I just had to ask her what that meant. She giggled in reply not having a clue what she had said, as she returned to clicking incessantly on the keyboard of my phone. You can only imagine my horror to have the sacred inner sanctum of the audit closing meeting violated by such modernity when my greater than sixty year old, and highly educated I might add, audit team mate apologized for a miswritten nonconformance with “oh, my bad”. Really? Simply what is this world coming to? Just wait until someone tries passing “my bad” off as their root cause!
The Lead Auditor’s Lament
So the Holiday Season is upon us, and all Aerospace quality boys and girls know what THAT means! Yes, we have SIX MONTHS TO GO to upgrade the AS quality management systems before Santa leaves us all a big lump of coal. All we have seen are self help guides for the Aerospace Supplier, how to cope with the nasty transition, nasty paperwork and, above all, the nasty auditor. Well, you would be nasty too if every upgrade audit that you tried to perform was met with a significant quantity of findings to simple, basic things. And believe it or not, boys and girls, with the new methodology, findings are just as much work for your pesky auditor as it is for you. So in an attempt to apply some therapy and bonding to the unsung heroes of the upgrade process, (read that as your pesky lead aero auditors), I present The Lead Auditor’s Lament…..to the tune of “The Twelve Days of Christmas”…..with sincere apologies to that Partridge, of course.
On the twelfth day of audit, my client gave to me:
- 12 open findings
- 11 missing flow downs
- 10 neglected audits
- 9 missing records
- 8 unsigned travellers
- 7 blank stares
- 6 lost inspection stamps
- 5 late PM’s
- 4 blank stares
- 3 lost mics
- 2 nervous breakdowns
And a SIPOC for the PEAR tree!
AS9101 – Has the industry delivered a turkey?
All right, all you Aero auditors out there, attention please. Give me a show of hands for how many have made it through upgrade training? Not bad, not bad! Now, how many have done some upgrade audits? Ok! Now, how many have developed their rhythm and choreography for an efficient turkey trot through the new AS9101D requirements? Oh….well, how about a waltz then? No? Well, rest assured that the industry writing team is already at work using your feedback and observations to improve the processes in a new revision. But, realistically, look at the bright side. Finally we have a combination of tools that provide the basis for a matrixed look at a company’s processes. With the creation of the PEAR form, even if the client does not use a turtle or a SIPOC, they are forced to identify key processes, interfaces, and how they will measure effectiveness. And if we are doing our jobs, we will not be accepting anything but measures to satisfy the requirements of effectiveness. No qualitative answers. No opinions. No schmooze. But for the first time, we may be on the cusp of solid continual improvement for items like on time delivery, number of escapes and quality. So you think the industry delivered us a turkey? I don’t. If we do our job with the proper enforcement focus it will soon be time to pass the pumpkin pie!
The Results are in and they speak of a royal flush!
In order to offer benefit and insight to those yet to tread the path of upgrade, we decided to take a survey of our upgraded AS9100 C clients to get a feel how the process went.
When asked how difficult they found the transition from AS9100B to AS9100C - fully half of all respondents were ambivalent saying it was neither easy nor difficult. A quarter of the participants stated that it was not difficult, whereas another 25% stated it was very difficult. So this should allay your fears as 75% of those transitioned found it not too much of a bother!
When asked if the new processes of the AS9100 series of standards were valuable, all respondents leaned in the direction of very valuable, while respondents were split down the middle with regard to whether there were any elements of the upgrade that they felt they were unprepared to handle.
Several of those asked were generous with suggestions regarding what advice they would give someone preparing for upgrade. One noteworthy summary spoke to the “flushing” and “smoking out” that most management reps must do in rolling out a new standard:, “Start making the changes to documentation early, well ahead of the outside audit start date to flush out any issues. Promote Rev C early and often to internal stake holders to smoke out the anti-change grumblers and help them understand the process.”
Anti-change grumblers you say? Who has ever encountered such a thing?!! Thanks to all those respondents and best wishes to the flushers and smokers!
If I Had Written the Standard
You can't be an ISO 9001 auditor for a good length of time and not harbor dreams of how you would have written the standard.
So often we see organizations attempting registration with a simple regurgitation of the words of the standard without "getting it". How better for the masses to "get it", the pesky auditor wonders, but in the clearer delivery of the intent of registration, the mission, if you will?
SO, with that in mind, whenever I approach the interrogation of those in management (read this as those most removed and possibly most desperate to please the pesky auditor), I always state two cardinal rules.
- One, every place in the standard that one sees "quality", one should substitute the word "business". After all, if it wasn't a business, why would we be bothering with registration in the hopes of making us better or at least opening a few more doors?
- Two, begin your ISO journey focusing on Paragraph 8.5.1 Continual Improvement as the reason for registration. Permit me to paraphrase. "The organization shall continually improve the effectiveness of the business management system through the use of the business policy, business objectives, audit results, analysis of data, corrective and preventive actions and management review."
I tell management that they own this paragraph, so knock my socks off with objective evidence of compliance. Would we see blank stares, horrified glances around the table or confident responses? Which would be your organization?
Survey Results - When it comes to ISO 9001, who's really in charge?
Well, the results are in and in some cases they aren't pretty.
One thing for sure, as far as registrar auditors holding top management toes to the fire, it is happening! A solid 94% or the respondents agree that their registrar interviews top management and 91% agree that the auditors hold top management accountable for areas of the standard. Great news!
But just when you start feeling good about the results, you read a comment like this: "The Quality Manager is always held 100% responsible for all ISO audits and Top Management only attends opening and closing meetings. I do not fault our ISO auditor; I fault our Management for refusing to be involved. Our auditor is excellent and they could learn a lot from him but they refuse to participate. The only support the Quality Manager gets is if I do not pass the audit I will be fired."
Yikes! Shades of Neanderthal mentality?
Sad, however, were the results as to whether there was a positive difference in the company since the word "top" was added before management in the standard (only 25% agreeing and a whopping 53% responding Neutral), and whether top management is greatly involved (62% agreeing and 22% Neutral).
One insightful respondent remarked "The involvement of Top Management varies greatly from organization to organization. Those companies that have top management involvement are the most prosperous and successful." While intuitively obvious, only 54% of the respondents agreed that Top Management uses the ISO standard to improve the business, while 34% were Neutral.
One respondent posed a question to this pesky auditor with "Our overall Business VP resides at our plant site. The ISO auditor always interviews the Plant Manager, but not the Business VP. The Plant Manager has authority over ISO/quality/plant/costs etc. and I see him as the applicable "top" management. I wonder if Pete would see it the same way or if Pete would insist or prefer to "audit" the Business VP too?"
Well, I guess I have to let you in on a secret. Pete's credo regarding who in Top Management will fall victim to the hot breath of the auditor is whoever the top ranking official on site is. So the Business VP better be aware if Pete gets assigned!
We offer many thanks to those who took the time to share their thoughts for this survey. Hopefully, you found the data as interesting as we did. Allow me to leave you with a final comment that sure made my day!
"Without reservation I can honestly say our auditors from a service other than PRI are not to the PRI high standard I have known in the past at a previous employer. The business improvement is not their strong focus and appears to be built on relationships versus what the standard was and is intended to accomplish." Amen!
AS9100C - Final Preparations - The Final Installment in a Six Part Series
Well, the internal audits are done and the non-conformances have been completed and verified for effectiveness.
Top Management, always a tender spot. You are the doer but THEY get face time with the PRI Registrar auditor. Usually the auditor is pretty clinical. You know - AS9100 paragraph 5.6, check, check, check. But now things are different. Better check AS9101D again.
Oh brother! Paragraph 188.8.131.52 tells the auditors that there should be an interview with "Top Management" to evaluate the:
- establishment and continued RELEVANCE of the quality policy and objectives
- establishment of PERFORMANCE MEASURES ALIGNED to quality objectives
- quality management system DEVELOPMENT, IMPLEMENTATION and CONTINUAL IMPROVEMENT
- top management COMMITMENT
- quality management system PERFORMANCE and EFFECTIVENESS
- performance to CUSTOMER EXPECTATIONS (e.g., supplier rating, scorecard, audit results)
- and ACTIONS TAKEN to address issues that are not meeting customer performance expectations".
Better talk to Top Management to decide what modifications will be necessary to the Management Review so you have clear evidence satisfying all this. But wait! There's a lot more in Paragraph 184.108.40.206 and 220.127.116.11 too!
Better be sure to bring along AS9101D to show Top Management what all is involved. And better have that revised Management Review Meeting done before the upgrade audit! July 1st is going to be here before you know it! Who knew?
AS9100C - Evidence of Conformity with Check-less Checklists - Part 5 in a Six Part Series
Just when you thought you could predict every AS9100 audit experience, the industry serves up a curve ball called AS9101D.
All you want to do is pre-test your processes with internal audits, but, hey, this is supposed to be process-based auditing. So you better chuck the old elemental checklists. Now what?
Well, the PRI Registrar auditor will be bringing in tools for sure. PRI Registrar DID send that PowerPoint presentation last December - calling out AS9101D. Well, what do you know? The old checklist is now called an Objective Evidence Record (OER) and here it is already designed for auditing. But wait.
AS9101 paragraph 18.104.22.168 says "the audit team shall record detailed objective evidence (e.g., reviewed procedures, shop orders, training records, products, verification records)... on a standardized form (i.e. OER)". But check out Paragraph 4.2.3: "The QMS Matrix Report ... shall be completed by the audit team for each visited site to demonstrate which processes and quality management system clauses have been audited."
If you would list your turtle processes in each column under Company QMS Processes, the next pages of the matrix list every paragraph in AS9100. You could check each element that impacts that process title. So, 4.2 Document Control surely impacts all the processes you have listed. You check those elements for each process and look at the rest, such as 8.5 Continual Improvement. It works for all process too! Cool!
AS9101D says you can list Nonconformance Numbers on the Matrix also. So between the OER and the Matrix, you are set to do an audit of your processes AND verify compliance with paragraphs outside of Section 7. Who knew? Next - Final Preparations.
AS9100C - Walking the Walk - Talking the Talk - Part 4 in a Six Part Series
So, you figure that the best way to be ready for the AS9100C upgrade auditor is to make sure that your processes have been identified and are effective yourself.
Accordingly, you plan to convert your internal audit system from element-based to process-based so as to test the waters. You've already been told that this new standard will be a shift toward process-based auditing. The evidence of each process' effectiveness will be the PEAR with a three or four categorization. Ultimately, the internal audits will offer Evidence of Conformity, Effectiveness of Processes and Performance Focus.
For starters, you have new tools to consider in identifying your processes -- turtles or SIPOCS. For each process, these will identify the process categories of Inputs, Controls, Resources and Outputs - what is the expected outcome of the process - for each process. Until you get the hang of this stuff, you want to keep it simple but effective. And you only have to worry about "official" processes coming from Section 7 of AS9100C.
You figure that you can start by calling out the following processes: Planning (to take into account AS9100C paragraphs 7.1, 7.2 and 7.4), Design (paragraph 7.3), Realization (7.5.1 through 7.5.5) and Monitoring and Measurement (7.6). First you need to redesign your Quality Manual process diagram to address these processes because of the AS9100C Paragraph 4.2.2c requirement for "a description of the interaction between the processes of the quality management system". Next, you need to complete a turtle for each of these process titles. There! Now you are ready to audit. Or are you? More to come!
AS9100C - Pears that Bear Fruit? - Part Three in a Six Part Series
So, the auditor is going to validate effectiveness of our processes.
PRI Registrar said that the auditor would be coming for a Stage 1 audit to check the quality manual and our description of the processes showing their sequence and interactions including the identification of any outsourced processes.
AS9101D says that the processes "can be depicted in various ways (e.g. process maps, turtle diagrams, SIPOC method or octopus)" and that our metrics must be in place for twelve months or the assessment or transition audit can't happen. The auditor is going to verify that our processes are being "monitored, measured, and analyzed against planned results (determination of effectiveness)".
AHA! What the auditor determines is really in our hands ahead of time!
"The audit team should evaluate, as appropriate, that processes have actions implemented to achieve planned results and to promote continual improvement and are effective in achieving the desired results (e.g. verify performance information available - percentage of conforming parts/products, percentage OTD). Planned results can be related to process outputs."
Makes sense. After all, why are we doing this AS9100 registration anyway? Yeah, I know, it was a mandate, but all the aerospace industry is trying to achieve is safety, airworthiness, on time delivery, quality parts, continual improvement and effectiveness. Who can argue with any of those reasons? So here is the kicker.
Our processes that represent Section 7 of the AS9100 series standards must be documented by the auditor on this thing called a PEAR!
That's Process Effectiveness Assessment Report, and each Section 7 process shall be recorded on a separate PEAR. Most of the information comes right off our Turtles; the process details including associated process interfaces, the applicable standard clauses, and our method for determining process effectiveness and the auditor's observation and comments supporting her process effectiveness determination.
The last section of the PEAR is the Statement of Effectiveness Level. The audit must select one of four results: The process is either:
- Not implemented; planned results are not achieved
- Implemented; planned results are not achieved and appropriate actions not taken
- Implemented; planned results are not achieved, but appropriate actions being taken or
- Implemented, planned results are achieved.
If we get any 1's or 2's, then in addition to the auditor writing a major finding against the process, they have to also write a major finding against top management under standard paragraphs 4.1 c and f, which says "the organization shall c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective, and f) implement actions necessary to achieve planned results and continual improvement of these processes."
Sounds like these PEARs will be bearing some fruit! Stay tuned for more!
AS9101D - The New Kid on the Block - Part Two in a Six Part Series
Another standard? No more checklists? An OER? AS9101D? This is auditing as we have never known it!
All the AS Auditors are trained to AS9101D before they can do audits to AS9100C as AS9101D lays out the way that you are going to experience AS9100C audits from now on.
AS9101D says that this new audit methodology is "for auditors to evaluate quality management system conformity and effectiveness. Use of these methods will help transition from clause-based auditing and put the focus on the actual processes, their effectiveness, and their ability to meet the quality objectives."
Sounds like a pretty qualitative analysis.
Life was good when the auditor would ask for "this and so" and you could show "this and so" and get a check mark. Well, wonder how "this and so" clause-based auditing will move to an evaluation of effectiveness on this thing called an Objective Evidence Record (OER)?
AS9101D says "the audit team should audit processes to sufficient depth and detail to evaluate if the organization's processes are capable of meeting planned results and performance levels, including applicable customer specific targets." Yikes! How can you show that?
"The audit team should evaluate, as appropriate, that processes are sequenced and interactions are defined (see 9100-series standards, clause 4.1.b)...often the output from one process directly forms the input to the next (see 9100-series standards clause 0.2 Process Approach)...have responsibilities assigned and responsible functions identified...have relevant process controls defined...have the availability of resources and information required...".
You look at your quality manual to see your interaction diagram. Well, that old Plan-Do-Check-Act diagram will have to go. You check the internet for process management tools and discover Turtle Diagrams and a Six Sigma tool called a Suppliers-Inputs-Process-Outputs-Customers diagram.
First better get the interaction of processes diagram revised, and then plot them out one of the tools. Progress! Stay tuned! We're far from finished on this topic.
AS9100C - What's the big deal? - Part One of a Six-Part Series
So you are already in March. Certified to AS9100B and figuring you better get started on upgrading your system to AS9100C. After all, any audit after July 1 must be to the new standard.
Sure, you've had your issues with AS9100B, but you've always been able to correct them. You wondered how that lead auditor managed to find their way documenting the audit in that big checklist, and yet still found non-conformances with your system.
So what is the big deal?
First you checked the manufacturing section of the standard and didn't see any big changes so you don't have to rattle any cages in the plant. A few paragraphs were added, mostly on the sales department, right? Oh yeah, and that thing about top management assuring that corrective actions are put in place if on time delivery is not good.
Things looked cool until the PRI Registrar auditor called and asked if you had reviewed that PowerPoint presentation that they sent out in December. You have it there somewhere, now where is it?
The auditor mentioned something about your interaction of process diagram, and identifying processes on a turtle before she gets there. That wasn't anywhere in the standard. Wonder what's up?
You find the PowerPoint presentation in your email and you are glad that the auditor called. There appears to be much more to this upgrade than you anticipated. Stay tuned. We're going to shed a little light on this in the coming weeks.
When it comes to ISO 9001, who's really in charge?
Have you noticed any difference with your registration audits since the ISO 9001:2000 standard moved the heat of the auditing spotlight smack dab onto the chief executive of the organization via the addition of the word "top" before references to management? Recall the simpler times when obtaining ISO 9001 certification was the duty of the harried quality manager, usually in the etcetera portion of her job? Who knew that the mere introduction of the word "Top" before management would infer that active involvement of the lofty heights of an organization were actually responsible, no, necessary, to have a successfully driven continual improvement effort? After all, is it not top management who ultimately holds the purse strings with regard to any and all resource additions? I wonder how many clients of registration actually witness their registrar holding top management's feet to the fire. Or do they play nice with the folks who sign the checks? Hopefully, your organization benefits from a registrar who has not only singed your boss's toes, but has facilitated their recognition of their role in the success of the ISO 9001 process.