Channel: Whittington & Associates

Quality and Policy Manual Templates

We have quality manual templates for IATF 16949:2016, AS9100D, AS9110C, AS9120B, and ISO 9001:2015-based quality management systems:
We have a policy manual template for an ISO 14001:2015-based environmental management system, and a policy manual template for an integrated QMS-EMS management system:
Click on a template above to view its description. To purchase a template, click on the “Buy Now” button within the template description.
You don’t need a PayPal account to buy a template by credit card. After payment, you’ll be directed to a template download page. The file is supplied in Word format for ease of editing.
If you have any questions about these templates, please contact Larry Whittington at <larry@whittingtonassociates.com>.

Internal Issues


ISO 9001:2015, clause 4, Context of the Organization, includes requirements for the organization to determine its:

  • external and internal issues (4.1)
  • relevant interested parties (4.2)
  • quality management system scope (4.3)
  • processes and their interaction (4.4)

This article is focused on clause 4.1 and determining internal issues. A different article in this newsletter addresses external issues. Both articles include the same Requirements, Notes, and References sections. The Guidance sections are unique to internal issues or external issues.

4.1 Understanding the organization and its context

Requirements

An organization must determine the external issues and internal issues that are relevant to its purpose and strategic direction, as well as those that affect its ability to achieve the intended results of its quality management system.

The organization must monitor and review information about these external and internal issues.

Notes

1. Issues can include positive and negative factors or conditions for consideration.

2. An understanding of the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local.

3. An understanding of the internal context can be facilitated by considering issues related to values, culture, knowledge, and performance of the organization.

References

According to ISO 9001:2015, clause 9.3.2.b, changes to these issues are inputs to management review. These issues are also referenced in clause 4.3 as considerations for determining the scope of the quality management system. They are mentioned again in clause 6.1.1 as considerations for determining the risks and opportunities faced by the quality management system.

Guidance

Examples of possible internal issues are:

  • Organizational structure
  • Expected retirement of key personnel
  • Availability of reliable, qualified workforce
  • Capacity for product production; service delivery
  • Addition of a second shift for increased sales
  • Aging machinery or obsolete equipment
  • Aging workforce and new hires
  • Formation of a labor union
  • Relocation of the company
  • Business performance
  • Rules for decision making
  • Lack of organization knowledge
  • Cost of quality
  • Poor customer satisfaction; complaints
  • Inefficient, ineffective processes
  • Resilience of infrastructure
  • Extent of outsourcing
  • Contractual arrangements with customers
  • Relationship with investors
  • Service level agreements with customers
  • Expiration of government funding
  • Work stoppage
  • Computer hacking
  • Environmental pollution
  • Social media coverage
  • Organizational culture and behavior
  • Corporate governance

A structure for identifying the distinct types of internal issues is the McKinsey 7S Model:

1. Strategy – Purpose of the business and the way the organization seeks to enhance its competitive advantage.

2. Structure – Division of activities; integration and coordination mechanisms.

3. Systems – Formal procedures for measurement, reward, and resource allocation.

4. Shared Values – Beliefs and principles which guide decisions and behavior of management and employees.

5. Skills – Core competencies and distinctive capabilities.

6. Staff – Human resources, demographic, educational, and attitudinal characteristics.

7. Style – Typical behavior patterns of key groups, such as managers and other professionals.

The 7S model is based on the theory that, for an organization to perform well, these seven elements need to be aligned and mutually reinforcing. The model can be used to understand how the organizational elements are interrelated and ensure that the wider impact of changes made in one area is taken into consideration.

External Issues

ISO 9001:2015, clause 4, Context of the Organization, includes requirements for the organization to determine its:

  • external and internal issues (4.1)
  • relevant interested parties (4.2)
  • quality management system scope (4.3)
  • processes and their interaction (4.4)

This article is focused on clause 4.1 and determining external issues. A different article in this newsletter addresses internal issues. Both articles include the same Requirements, Notes, and References sections. The Guidance sections are unique to internal issues or external issues.

4.1 Understanding the organization and its context

Requirements

An organization must determine the external issues and internal issues that are relevant to its purpose and strategic direction, as well as those that affect its ability to achieve the intended results of its quality management system.

The organization must monitor and review information about these external and internal issues.

Notes

1. Issues can include positive and negative factors or conditions for consideration.

2. An understanding of the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local.

3. An understanding of the internal context can be facilitated by considering issues related to values, culture, knowledge, and performance of the organization.

References

According to ISO 9001:2015, clause 9.3.2.b, changes to these issues are inputs to management review. These issues are also referenced in clause 4.3 as considerations for determining the scope of the quality management system. They are mentioned again in clause 6.1.1 as considerations for determining the risks and opportunities faced by the quality management system.

Guidance

Examples of possible external issues are:

  • Supply chain disruption
  • Loss of a key supplier
  • Technology shifts
  • Competitive pressures
  • Money exchange rates
  • Economic conditions
  • Inflation forecasts
  • Credit availability
  • Oil price changes
  • Local infrastructure
  • Increased regulations
  • Patent expirations
  • Trade union regulations
  • Ventures into new markets
  • Changes in financial markets
  • Funding for non-profits
  • Scarcity of raw materials
  • Climate; natural disasters
  • Major road construction in service area
  • International trade agreements
  • Political stability

A structure for identifying the different types of external issues is the PESTEL Model. It is a framework for reviewing the business operating environment of the organization, including legal compliance obligations.

Political factors are basically how the government intervenes in the economy.

Economic factors include economic growth, interest rates, exchange rates, and the inflation rate. These factors greatly affect how businesses operate and make decisions.

Social factors include cultural aspects, health consciousness, population growth rate, age distribution, career attitudes, and emphasis on safety. Trends in social factors affect the demand for a company’s products and how that company operates.

Technological factors include technological aspects like research and development, automation, technology incentives, and the rate of technological change. These can determine barriers to entry and minimum efficient production level, as well as influence outsourcing decisions. Technological shifts affect costs, quality, and innovation.

Environmental factors include ecological and environmental aspects such as weather, climate, and climate change, which may especially affect industries such as tourism, farming, and insurance. Furthermore, growing awareness of environmental impacts affects how companies operate and the products they offer, both creating new markets and diminishing or destroying existing ones.

Legal factors include discrimination law, consumer law, antitrust law, employment law, and health and safety law. These factors can affect how a company operates, its costs, and the demand for its products.

Ransomware Report

Cybersecurity Insiders, in partnership with the 370,000+ member Information Security Community on LinkedIn, commissioned Crowd Research Partners to conduct an in-depth study to gather insights, reveal the latest ransomware trends, and provide valuable guidance on effectively addressing the ransomware threat.

The key findings of the 2017 Ransomware Report were:

1. Ransomware is the fastest growing security threat, perceived as a moderate or extreme threat by 80% of cybersecurity professionals. 75% of organizations affected by ransomware experienced up to five attacks in the last 12 months alone, 25% experienced 6 or more attacks. 79% predict ransomware to become a larger threat over the next 12 months. Only a small fraction of respondents said they would pay the ransom or negotiate with the attackers. 59% of organizations are either not confident at all or only slightly to moderately confident in their ransomware defense.

2. Email and web use represent the most common ransomware infection vectors with employees opening malicious email attachments (73%), responding to a phishing email (54%), or visiting a compromised website (28%). The information most at risk from ransomware attacks is financial data (62%), followed by customer information (61%). From a solution perspective, most of the identified ransomware attacks were detected through endpoint security tools (83%), email and web gateways (64%), and intrusion detection systems (46%).

3. Security professionals rank user awareness training the most effective tactic to prevent and block ransomware (77%), followed by endpoint security solutions (73%), and patching of operating systems (72%), as preventive approaches to ransomware threats. Data backup and recovery (74%) is by far the most effective solution to respond to a successful ransomware attack. 96% of respondents confirm they have a data backup and recovery strategy in place.

4. A majority of 54% say they could recover from a successful ransomware attack within a day, while 39% estimate it will take more than one day to a few weeks to recover. Speed of recovery is mission-critical as business cost escalates with every hour the business cannot fully operate, causing system downtime (41%) and productivity loss (39%).

5. Today’s main obstacles to stronger ransomware defense are all about resources and staying current on the latest ransomware exploits: lack of budget (52%), dealing with evolving sophistication of attacks (42%), and lack of human resources (33%). The silver lining: 60% of organizations expect their budget for ransomware security to increase.

To see the full report, go to this AlienVault web page.

ISO 9001:2015 Classes in Orlando


Larry Whittington will be the instructor for these ISO 9001:2015 classes in Orlando, Florida:

ISO 9001:2015 Requirements
February 5-6, 2018 (confirmed class)
April 9-10, 2018
June 4-5, 2018

ISO 9001:2015 Internal Auditor
February 5-7, 2018 (confirmed class)
April 9-11, 2018
June 4-6, 2018

ISO 9001:2015 Lead Auditor
February 5-8, 2018 (confirmed class)
April 9-12, 2018
June 4-7, 2018

Click on a course title to view the course description and enroll in a class. If you have questions about the training, or registration process, please call 770-862-1766.

Risk – ISO 31000:2018


ISO 31000:2018, Risk Management – Guidelines, has been published. This second edition standard states that the purpose of risk management is the creation and protection of value. It improves performance, encourages innovation, and supports the achievement of objectives.

According to ISO 31000:2018, its main changes from ISO 31000:2009 are:

  • Review of the principles of risk management, which are the key criteria for its success;
  • Highlighting of the leadership by top management and the integration of risk management, starting with the governance of the organization;
  • Greater emphasis on the iterative nature of risk management, noting that new experiences, knowledge, and analysis can lead to a revision of process elements, actions, and controls at each stage of the process;
  • Streamlining of the content with greater focus on sustaining an open systems model to fit multiple needs and contexts.

Note that clause 2 was added for Normative References, but none are listed. The addition of this clause caused the remaining clauses to be re-numbered.

Clause 3: Terms and Definitions

The total number of definitions was reduced from 29 to the 8 most related to risk management. The definition of Risk remains the “effect of uncertainty on objectives”. However, the Notes under that definition have been revised:

Note 1: An effect is a deviation from the expected. It can be positive, negative, or both, and can address, create, or result in opportunities and threats.

Note 2: Objectives can have different aspects and categories and can be applied at different levels.

Note 3: Risk is usually expressed in terms of risk sources, potential events, their consequences, and their likelihood.

Clause 4: Principles

The eleven risk management principles in ISO 31000:2009 have been simplified to these eight risk management principles in ISO 31000:2018:

1. Risk management is an integral part of all organizational activities.

2. A structured and comprehensive approach to risk management contributes to consistent and comparable results.

3. The risk management framework and process are customized and proportionate to the organization’s external and internal context related to its objectives.

4. Appropriate and timely involvement of stakeholders enables their knowledge, views, and perceptions to be considered, resulting in improved awareness and informed risk management.

5. Risks can emerge, change, or disappear as an organization’s external and internal context changes. Risk management anticipates, detects, acknowledges, and responds to those changes and events in an appropriate and timely manner.

6. The inputs to risk management are based on historical and current information, as well as on future expectations. Risk management explicitly considers any limitations and uncertainties associated with such information and expectations.

7. Human behavior and culture significantly influence all aspects of risk management at each level and stage.

8. Risk management is continually improved through learning and experience.

Clause 5: Framework

The Framework sections have been revised with different numbering, updated titles, and changed content. Sub-clause 5.3 on Integration is new.

5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
5.4.1 Understanding the organization and its context
5.4.2 Articulating risk management commitment
5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
5.4.4 Allocating resources
5.4.5 Establishing communication and consultation
5.5 Implementation
5.6 Evaluation
5.7 Improvement
5.7.1 Adapting
5.7.2 Continually improving

Clause 5.3: Integration

ISO 31000:2018 states that integrating risk management relies on an understanding of organizational structures and context. Structures differ depending on the organization’s purpose, goals, and complexity. Risk is managed in every part of the organization’s structure. Everyone in an organization has responsibility for managing risk.

Governance guides the course of the organization, its external and internal relationships, and the rules, processes and practices needed to achieve its purpose. Management structures translate governance direction into the strategy and associated objectives required to achieve desired levels of sustainable performance and long-term viability. Determining risk management accountability and oversight roles within an organization are integral parts of the organization’s governance.

Integrating risk management into an organization is a dynamic and iterative process, and should be customized to the organization’s needs and culture. Risk management should be a part of, and not separate from, the organizational purpose, governance, leadership and commitment, strategy, objectives, and operations.

Clause 6: Process

Some of the Process sections have been renamed. All but one of the sub-clauses have revised content.

6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
6.3.1 General
6.3.2 Defining the scope
6.3.3 External and internal context
6.3.4 Defining risk criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.3 Risk analysis
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording and reporting

Ordering

You can order a PDF copy of the 16-page standard at this ISO web page for about $88.

Scope Statement


ISO 9001:2015, clause 4, Context of the Organization, includes requirements for the organization to determine its:

  • external and internal issues (4.1)
  • relevant interested parties (4.2)
  • quality management system scope (4.3)
  • processes and their interaction (4.4)

This article is on clause 4.3 and determining the Scope of a quality management system. See the Interested Parties article in this March 2018 newsletter. See the External Issues and Internal Issues articles in our February 2018 newsletter.

4.3 Determining the scope of the quality management system
 
Requirements

The organization must determine the boundaries and applicability of the quality management system (QMS) to establish its scope.

When determining this scope, the organization must consider:

a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.

The organization must apply all the requirements of ISO 9001 if they are applicable within the determined scope of its QMS.

The scope of the organization’s QMS must be available and maintained as documented information. The scope must state the types of products and services covered and provide justification for any ISO 9001 requirement that the organization determines is not applicable to its QMS scope.

Conformity to ISO 9001 may only be claimed if the requirements determined as not being applicable do not affect the organization’s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction.

Definition

ISO 9000:2015, Fundamentals and Vocabulary, does not specifically define QMS Scope. However, it does say that the scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

ISO 9000 defines a “quality management system” as the part of a management system with regard to quality. A “management system” is defined as a set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.

The management system elements establish the organization’s structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives, and processes to achieve those objectives.

References

ISO 9001:2015, Annex A5, Applicability, states that an organization can review the applicability of requirements due to the size or complexity of the organization, the management model it adopts, the range of the organization’s activities, and the nature of the risks and opportunities it encounters.

The requirements for applicability are addressed in clause 4.3 (see Requirements above), which defines conditions under which an organization can decide that a requirement cannot be applied to any of the processes within its QMS scope. The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services.

Guidance

The intent of determining the system scope is to define its boundaries in a way that helps the organization meet requirements and achieve the intended results of the system.

The scope should be established based on external and internal issues, relevant requirements of relevant interested parties, and the provided products and services.

When determining the scope, consider such issues as infrastructure, remote sites and activities, policies and strategies, and centralized or externally provided functions, activities, processes, products, and services.

All requirements of ISO 9001 are considered applicable within the scope unless they do not affect the organization’s ability to provide a product, or deliver a service, that meets requirements or enhances customer satisfaction.

To determine the application of requirements in ISO 9001, the organization should consider each individual requirement, and not just decide that a whole clause is not applicable. Some of the requirements may be applicable in a clause, or all the requirements within a clause may, or may not, be applicable.

The scope statement should include details of the products and services covered. It should also include justification for any requirements that are determined as not applicable. This documented information can be maintained in whatever method the organization determines to meet its needs, such as a quality manual, standalone document, or a website.

For further guidance, see our December 2013 article on Certification Scope.


Interested Parties


ISO 9001:2015, clause 4, Context of the Organization, includes requirements for the organization to determine its:

  • external and internal issues (4.1)
  • relevant interested parties (4.2)
  • quality management system scope (4.3)
  • processes and their interaction (4.4)

This article is focused on clause 4.2 and determining interested parties.

4.2 Understanding the needs and expectations of interested parties
 
Requirements

Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization must determine:

a) the interested parties that are relevant to the quality management system;

b) the requirements of these interested parties that are relevant to the quality management system.

The organization must monitor and review information about these interested parties and their relevant requirements.

Definition

ISO 9000:2015, Fundamentals and Vocabulary, clause 3.2.3, defines “interested party” as the person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.

Examples of interested parties are given as customers, owners, people in an organization, providers (suppliers), bankers, regulators, unions, partners, or society that can include competitors or opposing pressure groups.

References

Clause 4.3 requires interested parties to be considered when determining the scope of the quality management system.

Clause 5.2.2.c requires the quality policy to be made available to relevant interested parties, as appropriate.

Clause 8.3.2.i states that, when determining the stages and controls for design and development, the organization must consider the level of control expected by relevant interested parties.

Clause 9.3.2.c.1 requires management reviews to consider feedback from relevant interested parties.

Annex A.3 states there is no requirement for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system.

Guidance

Not all interested party requirements are requirements of the organization, because they may not be relevant to the quality management system. Other interested party requirements may be mandatory because they are expressed in applicable laws, regulations, permits, and licenses.

There may be other requirements that an organization decides to adopt voluntarily or accepts by entering into an agreement or contract. Once adopted or agreed to, the organization must comply.

If interested parties perceive themselves to be affected by an organization, its products and services, and the quality management system, they must make it known to the organization.

Internal interested party examples:

  • Management
  • Employees
  • Corporate
  • Owners

External interested party examples:

  • Customers
  • Suppliers
  • Community
  • Bankers
  • Investors
  • Regulators
  • Unions
  • Trade Associations
  • Utilities
  • Law Enforcement
  • Society
  • Intellectual Property Owners
  • Joint Venture Partners
  • Business Partners
  • Emergency Responders
  • Industry Groups
  • Special Interest Groups
  • News Media
  • Competitors

Consider these six market categories when identifying interested parties:

1. Customer: buyers, consumers, clients, end users, and retailers.

2. Supplier: producers, vendors, contractors, and distributors.

3. Intermediary: referral sources, connectors, agencies, and networks.

4. Influencer: financial markets, regulatory markets, and government.

5. Internal: employees, staff, managers, and business units.

6. Alliance: joint ventures and business partners.

Dr. Elbert Sorrell


Elbert Sorrell is a Certified Safety Professional (CSP) with extensive experience in occupational safety and health/risk control. Dr. Sorrell was granted Professor Emeritus status in the M.S. in Risk Control Program at the University of Wisconsin-Stout after 28 years of service when he retired in January 2016.

Dr. Sorrell is well versed in the multi-disciplinary areas of occupational safety and health (management system development and evaluation, program/policy development and implementation, program monitoring and management, regulatory compliance, risk/hazard assessment, and safety training and evaluation), with a special interest in facilitating the integration of safety and health into existing management systems.  

He has taught courses in Loss Control Systems, Risk Management Applications, Construction Risk Management, Principles of Risk Control/OHS, Construction Safety, and Environmental Leadership and Sustainability Management. During Dr. Sorrell’s tenure at the University of Wisconsin-Stout, he also provided safety/risk control consultation to a multitude of clients in general, construction, and transportation industries. 

Dr. Sorrell is certified by Exemplar Global in Occupational Health and Safety Management Systems (OHSAS 18001) and Environmental Management Systems (ISO 14001) at the Principal Auditor grade. He is also Exemplar Global certified in Quality Management Systems (ISO 9001). Since retiring, Dr. Sorrell has committed himself to providing 3rd party certification audits, as well as providing safety consultation and training to business and industry.

Dr. Sorrell has served as an OHSMS lead auditor for various types of industries (general and construction), including the Department of Defense, Department of Energy, power generation facilities, electronic recycling, and construction contractors.   

He is also a voting member on the U.S. Technical Advisory Group (TAG) for the International Standards Organization (ISO) Project Committee (PC) 283 for the development of ISO 45001 for requirements for Occupational Health and Safety Management Systems. 

Dr. Sorrell received his Doctorate degree in Vocational Education from the University of Minnesota, and his Master of Science in Occupational Safety and Health and Bachelor of Science in Industrial Technology (Engineering Technology) from the University of Wisconsin-Stout. He is a member of the Education Standards Committee, Standards Development Committee, and Technical Publication Advisory Committee of the American Society of Safety Engineers (ASSE).

QMS and Processes


ISO 9001:2015, clause 4, Context of the Organization, includes requirements for the organization to determine its:

  • external and internal issues (4.1)
  • relevant interested parties (4.2)
  • quality management system scope (4.3)
  • processes and their interaction (4.4)

This article is on clause 4.4 and establishing a quality management system and the interaction of its processes. See the External Issues and Internal Issues articles in our February 2018 newsletter. See the Interested Parties and Scope Statement articles in our March 2018 newsletter.

4.4 Quality management system and its processes
 
Requirements

4.4.1 The organization must establish, implement, maintain and continually improve a quality management system (QMS), including the processes needed and their interactions, in accordance with the requirements of ISO 9001.

The organization must determine the processes needed for the quality management system and their application throughout the organization, and:

a) determine the inputs required and the outputs expected from these processes;
b) determine the sequence and interaction of these processes;
c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes;
d) determine the resources needed for these processes and ensure their availability;
e) assign the responsibilities and authorities for these processes;
f) address the risks and opportunities as determined in accordance with the requirements of 6.1;
g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;
h) improve the processes and the quality management system.

4.4.2 To the extent necessary, the organization must:

a) maintain documented information (documents) to support the operation of its processes;
b) retain documented information (records) to have confidence that the processes are being carried out as planned.

Definition

ISO 9000:2015, Fundamentals and Vocabulary, defines a “quality management system” as the part of a management system regarding quality. A “management system” is defined as a set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.

The management system elements establish the organization’s structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives, and processes to achieve those objectives.

ISO 9000 defines a “process” as a set of interrelated or interacting activities that use inputs to deliver an intended result. Whether the “intended result” of a process is called output, product, or service depends on the context of the reference.

Inputs to a process are generally the outputs of other processes; outputs of a process are generally the inputs to other processes. Processes in an organization are generally planned and carried out under controlled conditions to add value.

A process where the conformity of the resulting output cannot be readily or economically validated is frequently referred to as a “special process”.

Guidance

According to ISO/TS 9002:2016, the intent of clause 4.4 is to ensure that the organization determines the processes needed for its quality management system in accordance with ISO 9001. This includes not only the processes for production and service provision, but also the processes that are needed for the effective implementation of the system, such as internal audit, management review and others (including processes that are performed by external providers).

For example, if the organization determines the need for a process for monitoring and measuring resources, the process will need to meet the requirements of ISO 9001:2015, 7.1.5. The level to which processes need to be determined and detailed can vary according to the context of the organization and the application of risk-based thinking – taking into consideration the extent to which the process affects the organization’s ability to achieve its intended results, the likelihood of problems occurring with the process and the potential consequences of such problems.

ISO/TS 9002:2016 provides guidance for ISO 9001:2015, 4.4.1, bullets a) to h):

a) Inputs and Outputs
The organization should determine the inputs required and the outputs expected from its processes. Inputs required for the processes should be considered from the viewpoint of what is required for the implementation of the processes as planned. Expected outputs should be considered from the viewpoint of what is expected either by the customers or the subsequent processes. Inputs and outputs can be tangible (e.g., materials, components or equipment) or intangible (e.g., data, information or knowledge).

b) Sequence and Interaction
When determining the sequence and interaction of these processes, the links with the inputs and outputs of the previous and subsequent processes should be considered. The methods for providing details of the sequence and interaction of the processes depend on the nature of the organization. Different methods can be used, such as retaining or maintaining documented information (e.g., process maps or flow diagrams), or a simpler approach, such as a verbal explanation of the sequence and interaction of the processes.

c) Criteria and Methods
To make sure that processes are effective (i.e., deliver the planned results), the process control criteria and methods should be determined and applied by the organization. The criteria for monitoring and measurement could be process parameters, or specifications for products and services. Performance indicators should be related to monitoring and measurement, or can be related to the organization’s quality objectives (criteria). Other methods for performance indicators include, but are not limited to, reports, charts, or the results of audits.

d) Resources
The organization should determine the resources needed for processes, such as people, infrastructure, environment for the operation of the processes, organizational knowledge, and monitoring and measuring resources. Considerations on the availability of resources should include the capabilities and constraints of existing internal resources and those that are obtainable from external providers.

e) Responsibilities and Authorities
The organization should assign the responsibilities and authorities for its processes by first determining the activities of the process and then determining the persons who will perform the activity. The responsibilities and authorities can be established in documented information, such as organization charts, documented procedures, operational policies, and job descriptions, or by using a simple approach of verbal instructions.

f) Risks and Opportunities
The organization should ensure that any actions needed to address risks and opportunities associated with the processes are implemented.

g) Evaluation and Changes
The organization should consider the performance data obtained through the review of criteria established for monitoring and measuring. Analyze and evaluate this data, and implement any changes needed to ensure that these processes consistently achieve their intended results.

h) Improvement Actions
The organization can use the results of analysis and evaluation to determine the necessary actions for improvement. Improvements can be made at the process level (e.g., by reducing variations in the way an activity is performed) or at the quality management system level (e.g., by reducing the paperwork associated with the system, allowing persons to concentrate more on managing the processes).

Documented Information
The intent of subclause 4.4.2 is to ensure that the organization determines the extent of documented information that is needed. Documented information is the information required to be controlled and maintained by an organization and the medium on which it is contained.

According to ISO/TS 9002:2016, the appropriate person (e.g., process owner, process output owner, process control person) should review what information is used for the process to perform consistently to deliver the intended output. For information (e.g., procedures, work instructions, visual aids, information and communication systems, drawings, specifications, metrics, reports, key performance indicators [KPIs], meeting minutes, representative samples, verbal conversations) that is used, an analysis of the value to support the process needs to be carried out.

The result of the analysis will be the decision as to which information will be treated as documented information. For example, when top management does strategic planning, they could consult and review relevant information on the internet, such as reports on the current and future status of the organization’s industry sector that have been developed by governmental agencies and other relevant parties. This information should not be considered as documented information, as it is available from the public domain. In contrast, a business plan that includes quality objectives, risks and opportunities, strategies, among other relevant elements (e.g., the organization’s mission, vision, values, and process map) would need to be considered as documented information.

It is up to the organization to specify the distinct types of documented information needed to support the operation of its processes and its quality management system. In determining the type and extent of documented information needed, the organization should evaluate its own needs and apply risk-based thinking. It should also consider its size, activities, types of products or services, complexity of its processes, resources, etc., as well as the potential consequences of nonconformities.

While ISO 9001 specifies the use of documented information in some of its requirements, there can be a need for the organization to have additional documented information (such as documented procedures, websites, work instructions, manuals, regulations, standards, forms, guides, computer software, telephone applications) to control the operation of its processes.

Some of the organization’s documented information will need to be reviewed periodically and be revised to be kept up to date. ISO 9001 uses the phrase “maintain” documented information to refer to these types of “documents”.

Other documented information needs to be “retained” unchanged (unless a correction is authorized) to demonstrate conformity and to have confidence that processes are being carried out as planned. This type of documented information is referred to as a “record”.

The post QMS and Processes appeared first on Whittington & Associates.

Tackling Counterfeit

A new brochure on “Tackling Counterfeit with IEC and ISO Standards” is available for a free download from this web page.

The first page of the brochure sets the stage:

“In Roman times it was wine, in mediaeval times it was textiles and weapons, today it is everything from personal computers to potency pills. Counterfeit goods are nothing new, but with globalization, the Internet and increased movement of goods, the fakes business is booming.”

The brochure answers the questions “What exactly are counterfeit goods?” and “How does counterfeit affect you?”

The brochure provides counterfeit examples for Pharmaceuticals, Electronics, Food, and Consumer Products. For each industry, it answers the questions, “What are the risks?” and “How can I spot a fake?”, and then identifies the IEC and ISO standards that can help.

The post Tackling Counterfeit appeared first on Whittington & Associates.

Safety Report

The 2018 Annual Safety Progress Report from SafeStart and EHS Daily Advisor was developed based on the survey responses from 531 environmental, health, and safety professionals.

Concerns

The participants listed their top seven most pressing safety concerns as:

1. Employee engagement (48%)
2. Employees taking shortcuts or ignoring the rules (44%)
3. Supervisor participation in safety programs (38%)
4. Common recurring injuries, e.g., slips, trips, and falls (32%)
5. Lackluster safety culture (30%)
6. Organizational and/or leadership buy-in (28%)
7. Clashes between safety and production (26%)

Obstacles

The top three obstacles to implementing safety improvements were identified as:

1. Budget (57%)
2. Competing with other operational projects/priorities (50%)
3. Training time/logistics (43%)

Compliance

When asked to choose the statement that best describes the compliance of their safety programs, they selected:

“We have an excellent safety program that goes well beyond OSHA compliance.” (15%)

“We are trying to take our safety program to the next level beyond compliance.” (40%)

“We are compliant with OSHA standards but have made no efforts to go beyond minimum compliance.” (14%)

“We are not fully compliant with OSHA standards yet, but we’re actively trying to fix gaps in our compliance.” (24%)

“We are not compliant with OSHA regulations and unable to comply due to limited resources or lack of commitment.” (6%)

Report
To download the full 40-page report, go to this web page.

The post Safety Report appeared first on Whittington & Associates.

IATF 16949 Nonconformities

A recent article in the OMNEX Navigator provided an analysis of 181 transition audits to the IATF 16949:2016 automotive standard.

Top 5 Nonconformities

The top five IATF 16949 clauses with nonconformities are listed below by percentage of total nonconformities:

1. Total Productive Maintenance (8.5.1.5) = 4.9%
2. Control Plan (8.5.1.1) = 3.9%
3. Contingency Plans (6.1.2.3) = 3.8%
4. Control of Production and Service Provision (8.5.1) = 2.7%
5. Internal Auditor Competency (7.2.3) = 2.4%

Top 5 Majors

The top five IATF 16949 clauses with majors are listed below by percentage of total major nonconformities:

1. Customer-Specific Requirements (4.3.2) = 5.3%
2. Internal Auditor Competency (7.2.3) = 5.3%
3. QMS Audit (9.2.2.2) = 5.3%
4. Total Productive Maintenance (8.5.1.5) = 4.5%
5. Management Review Inputs (9.3.2) = 4.5%

To read the OMNEX Navigator, go to this web page.

The post IATF 16949 Nonconformities appeared first on Whittington & Associates.


ISO 45001:2018

ISO 45001:2018, “Occupational health and safety management systems — Requirements with guidance for use”, is now available. ISO 45001 is a replacement for OHSAS 18001:2007.

ISO 45001 adopts Annex SL, thus sharing the same clause structure, core text, and terms and definitions as ISO 9001:2015 (quality management) and ISO 14001:2015 (environmental management).

ISO 45001 specifies requirements for an occupational health and safety (OH&S) management system and gives guidance for its use. It enables organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving OH&S performance.

The new standard is applicable to any organization that wants to establish, implement, and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.

ISO 45001 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with an organization’s OH&S policy, the intended outcomes of an OH&S management system include:

a) continual improvement of OH&S performance;
b) fulfilment of legal requirements and other requirements;
c) achievement of OH&S objectives.

ISO 45001 applies to any organization regardless of its size, type, and activities. It is applicable to the OH&S risks under the organization’s control and considers factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.

ISO 45001 doesn’t state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system. It doesn’t address issues such as product safety, property damage, or environmental impacts, beyond the risks to workers and other relevant interested parties.

ISO 45001 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to ISO 45001 are not acceptable unless all its requirements are incorporated into an organization’s OH&S management system and fulfilled without exclusion.

According to an ISOFocus article, the main change is that ISO 45001 concentrates on the interaction between an organization and its business environment, while OHSAS 18001 was focused on managing OH&S hazards and other internal issues.

The standards also diverge in other ways, for example:

  • ISO 45001 is process-based – OHSAS 18001 is procedure-based
  • ISO 45001 considers both risk and opportunities – OHSAS 18001 deals exclusively with risk
  • ISO 45001 includes the views of interested parties – OHSAS 18001 does not

You can order ISO 45001:2018 at this ISO webpage for about $168.

The post ISO 45001:2018 appeared first on Whittington & Associates.

ISO 9004:2018 Available

ISO 9004:2018, “Quality management – Quality of an organization – Guidance to achieve sustained success”, has been published. It replaces ISO 9004:2009, “Managing for the sustained success of an organization – A quality management approach”.

The 4th edition of ISO 9004 provides guidance for organizations to achieve sustained success in a complex, demanding, and ever-changing environment, with reference to the seven quality management principles described in ISO 9001:2015. Where they are applied collectively, quality management principles can provide a unifying basis for an organization’s values and strategies.

Top management’s focus on the organization’s ability to meet the needs and expectations of customers and other relevant interested parties provides confidence in achieving sustained success. ISO 9004:2018 addresses the systematic improvement of the organization’s overall performance. It includes the planning, implementation, analysis, evaluation, and improvement of an effective and efficient management system.

Factors affecting an organization’s success continually emerge, evolve, increase, or diminish over the years, and adapting to these changes is important for sustained success. Examples include social responsibility, environmental and cultural factors, in addition to those that might have been previously considered, such as efficiency, quality, and agility; taken together, these factors are part of the organization’s context.

The ability to achieve sustained success is enhanced by managers at all levels learning about and understanding the organization’s evolving context. Improvement and innovation also support sustained success. ISO 9004:2018 promotes self-assessment and provides a self-assessment tool for reviewing the extent to which the organization has adopted the concepts in the document.

The 59-page standard can be purchased at this ISO web page for about $186. ANSI members can order it for $167.20 at this ANSI web page.

Table of Contents
Foreword
Introduction
1. Scope
2. Normative references
3. Terms and definitions

4. Quality of an organization and sustained success
4.1 Quality of an organization
4.2 Managing for the sustained success of an organization

5. Context of an organization
5.1 General
5.2 Relevant interested parties
5.3 External and internal issues

6. Identity of an organization
6.1 General
6.2 Mission, vision, values, and culture

7. Leadership
7.1 General
7.2 Policy and strategy
7.3 Objectives
7.4 Communication

8. Process management
8.1 General
8.2 Determination of processes
8.3 Responsibility and authority for processes
8.4 Managing processes

9. Resource management
9.1 General
9.2 People
9.2.1 General
9.2.2 Engagement of people
9.2.3 Empowerment and motivation of people
9.2.4 Competence of people
9.3 Organizational knowledge
9.4 Technology
9.5 Infrastructure
9.5.1 General
9.5.2 Infrastructure
9.5.3 Work environment
9.6 Externally provided resources
9.7 Natural resources

10. Analysis and evaluation of an organization’s performance
10.1 General
10.2 Performance indicators
10.3 Performance analysis
10.4 Performance evaluation
10.5 Internal audit
10.6 Self-assessment
10.7 Reviews

11. Improvement, learning, and innovation
11.1 General
11.2 Improvement
11.3 Learning
11.4 Innovation
11.4.1 General
11.4.2 Application
11.4.3 Timing and risk

Annex A: Self-assessment tool
A.1 General
A.2 Maturity model
A.3 Self-assessment of detailed elements
A.4 Using the self-assessment tools

Bibliography

The post ISO 9004:2018 Available appeared first on Whittington & Associates.

Auditor Competence

The ISO 17021 conformity assessment standards state the requirements for bodies providing audit and certification of management systems. ISO 17021-3:2017 provides the competence requirements for auditing and certification of “quality” management systems.

If you are a certification body auditor, do you have this knowledge? If you are an internal auditor, shouldn’t you possess the same level of knowledge?

Fundamental concepts and quality management principles

Each Quality Management System (QMS) auditor must have knowledge of:

a) fundamental concepts and quality management principles and their application;
b) terms and definitions related to quality management;
c) process approach, including related monitoring and measurement;
d) role of leadership in an organization and its impact on the QMS;
e) application of risk-based thinking, including the determination of risks and opportunities;
f) application of the PDCA (Plan, Do, Check, Act) cycle;
g) structures and interrelationships of documented information specific to quality management;
h) quality management related tools, methods, techniques, and their application.

Context of the organization

The audit team must have business sector knowledge to determine whether an organization has appropriately determined:

a) external and internal issues, relevant to its purpose and its strategic direction, and that affect its ability to achieve the intended results of its QMS;
b) needs and expectations of interested parties relevant to the organization’s QMS, including the requirements for the products and services of the organization;
c) boundaries and applicability of the QMS to establish its scope.

NOTE: A business sector is understood to be the economic activities covering a broad range of related technical areas.

Client products, services, processes, and organization

The audit team must have knowledge of:

a) terminology and technology specific to the technical area;
b) statutory and regulatory requirements applicable to the product or service specific to the technical area;

NOTE: Statutory and regulatory requirements can be expressed as legal requirements.

c) characteristics of products, services, and processes specific to the technical area;
d) infrastructure and environment for operation of processes affecting product and service quality;
e) provision of externally provided processes, products and services;
f) impact of organization type, size, governance, structure, functions and relationships on development and implementation of the QMS, its documented information, and certification activities.

You can order ISO 17021-3:2017 at this ISO web page for about $40.

The post Auditor Competence appeared first on Whittington & Associates.

Safety Walk-Arounds

OSHA has a two-page Fact Sheet for “Safety Walk-Arounds” that provides guidance on conducting workplace safety inspections.

Workplace inspections are important for identifying hazards and resolving them. You should set up a schedule to inspect the workplace on a regular basis.

Pre-Inspection

Familiarize yourself with the workplace and operation, and the hazards previously identified. Review prior inspection reports, injury and workers compensation records, incident investigation reports, and recent near-miss incidents.

Check to see if previously identified hazards have been abated or if further action is needed. Gather workplace inspection checklists from the Internet or other published sources. For example, self-inspection checklists are included in OSHA’s Small Business Handbook.

Determine what personal protective equipment you’ll need to conduct inspections in all the areas. It is important that you lead by example and use the necessary PPE, be aware of posted safety warning signs, and follow safety procedures.

Onsite Inspection

The Fact Sheet also describes the activities involved with the onsite inspections. It suggests the best way to conduct wall-to-wall inspections and lists easily identifiable hazards. In addition, the Fact Sheet provides tips for interviewing workers about safety issues.

For more information on safety walk-arounds, including post-inspection activities, see the OSHA Fact Sheet at this web page.

The post Safety Walk-Arounds appeared first on Whittington & Associates.

Customer Focus

ISO 9001:2015, clause 5.1, Leadership and Commitment, includes requirements in sub-clause 5.1.2 for Customer Focus. It states that top management must demonstrate leadership and commitment with respect to customer focus by ensuring that:

a) customer and applicable statutory and regulatory requirements are determined, understood and consistently met;
b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;
c) the focus on enhancing customer satisfaction is maintained.

The aerospace quality standard, AS9100:2016, is based on ISO 9001:2015 and adds an additional customer focus requirement:

d) product and service conformity and on-time delivery performance are measured, and appropriate action is taken if planned results are not, or will not be, achieved.

According to ISO/TS 9002:2016, the intent of the “customer focus” sub-clause is to ensure that top management visibly demonstrates leadership and commitment in maintaining the organization’s focus on meeting customer requirements and enhancing customer satisfaction.

Customers are generally the people or organizations that purchase the organization’s products and services. However, individuals or organizations such as citizens, clients, patients, and students can also be the recipients of the organization’s products and services.

Top management needs to ensure that effective processes are in place to determine customer requirements and legal requirements related to the organization’s products and services, and that these requirements are understood. A focus on delivery performance and customer complaints can provide insights into the actions that might be needed to achieve or improve customer satisfaction.

Top management needs to ensure that actions are implemented to address risks and opportunities, so that expected results are consistently achieved. If not, then a Plan-Do-Check-Act approach should be followed to ensure that responsibilities are assigned for implementing further improvements, until customer needs and expectations are achieved.

Top management can focus on enhancing customer satisfaction by using the results of analysis and evaluation of customer satisfaction data. Using this analysis, top management may direct a change in the customer-related processes and the operations of the organization, including the allocation of resources.

The post Customer Focus appeared first on Whittington & Associates.
