ISO 9001:2015 Transition Vol 2.
Happy Fall Everyone! I hope this newsletter finds all of you in conformance and improving. Last newsletter, I mentioned risk based thinking. I hope you and your company have started conversations about this. I know for me, waiting until I am drinking from a fire hose is not the best plan. I want to give y’all a little more information about the new ISO 9001:2015 standard:
- There is a change regarding how outsourced processes and purchasing are identified and handled. They are now considered externally provided processes, products, and services. You will also see “external providers” mentioned. There is more focus and specifics given to “outsourced” processes and about equal focus to “purchasing”. Basically, the International Organization dumped those external factors which can have impact into one bucket. Customer property is also mentioned.Risk based thinking is required.
- There is a new requirement. For many of you it will not be a change, but an awareness. For some of you it will be new. The change is regarding control of changes made within your production/service provision processes (for those of you with a Management of Change process, go there). The standard says if you make changes to your production/service provision you must review and control the changes and retain records (documented information) with authorization evidence. Ok so…here comes the risk based thinking train…there is verbiage in the standard which says “to the extent necessary to ensure continuing conformity”. Oh thank goodness this new standard continues to give us a few wiggle words. Auditors LOVE WIGGLE WORDS the MOST! But ha- with everything going down the risk based thinking track now, you will need to consider what does “to the extent necessary” mean. This really is a new requirement. This one makes sense to me. Keep it simple though…there are many groundhog holes…keep it useful, meaningful, and supported by risk based thinking.
Enough about those…now to the team running through the flag
with the band playing “go fight win”!
I hate to do this, but I am going to refer you to ISO 9001:2015 sections 4.4 and 6.1. These guys are the engines of the train with risk based thinking being the tracks. Drink this Kool-Aid and understand the concept….your sleep will be better, the sky will be brighter, and Virginia Tech will be a winning team again (and the Redskins). Maybe the last two are too unreal. These two sections really work together. In general, these mean: identify your processes (the inputs, the expected outputs), define the criteria and controls, figure out what resources you need to accomplish the output, assign metrics-KPIs-performance measures-quality objectives to the expected output(s), assign the person(s) to blame if they don’t work (sorry), I MEANT to say, assign the person(s) responsible and having authority to do something about these processes, figure out where your risks are and do something about them BASED upon POTENTIAL IMPACT. Then figure out if your improvement activities were effective.
So let’s say we have an external provider process specifically for purchased products (hardware, software, widgets, and services).
- Our input – purchase orders (Place an order)
- Our output – purchased product (Get an order)
- Our needed resources – humans, computers and so on
- One criteria for success – Receiving product from your suppliers to keep production going (I know there are others)
- Who’s responsible for the process? Procurement Manager (or whomever)
- What are some potential factors that can affect getting purchased product to production? Location of manufacturer/distributor, bad weather, transportation strikes, not having enough people in-house to receive purchased product quickly, etc. I am sure there are others.
- What can you do to mitigate (reduce the possibility) of these factors? – Maintain higher inventory levels, hire Santa Claus, look for a backup product/transportation supplier, increase receiving personnel to keep received product flowing through the pipeline.
- What are you WILLING to do to reduce the risk and impact (prioritize)? Consider what is the most reasonable, logical, and feasible. Maybe increase inventory for some long distance product and find a backup trucking company
- What are you willing to accept regarding the potential impact? Possibly willing to accept that the company does not have adequate resources in receiving
- The actions you took regarding receiving product from your suppliers to keep production going, did it work? If it did-GREAT, If it didn’t- loop back around-OR NOT dependent on your threshold of pain.
- Review these and other potential risks at a determined frequency
This is NOT telling any of you how to do process and risk identification. It is showing you an example. There are many methods and QSR will never say do it this way or that way. Auditors adjust to your processes.
Keep in mind, the requirement for identifying performance measures (quality objectives) is not new. Actually, the requirement to have these measureable objectives throughout your processes is not new. What is new is a hard defined requirement and the risk based thinking thing.
I will give y’all a little insider trading tidbit: Your objectives, performance measures, KPIs call them what you will, will be one of the main aspects we will always look at, along with the risks. We will also be auditing your processes and applying the parts of the standard. What that means for y’all is there is a very good chance QSR will be asking you to give us your identified processes: contract, purchasing, lab, and production, heat treat, project management and so on (up front). We will create a schedule based upon your information and then make sure we cover the applicable sections of the standard.
Gone Are The Detailed Checklists.
Gone Are The Lovely, Easy Days Of Me Saying From 10:00 – 11:00 7.4 Purchasing.
Gone Are The Quality Objectives: Maintaining ISO 9001,
On Time Delivery, Passing 3rd Party Audits.
So the take away is this:
- Start thinking about identifying your processes (Keep it real).
- Quality objectives, KPIs, metrics etc.
- Start thinking about the risks of the processes (don’t forget about the soft processes (HR, Maintenance etc.)
- Keep it simple
Finally, in the near future I am sending your “transition bucket” date. This date is based upon your certification expiration date. Consider raising your hand to go before your date. The transition audit will be a full system audit. We will need to amend some of your contracts. The transition audit does not add cost but mixes the audit sequence. Keep it simple everyone, or we will all find ourselves reaching into a bucket full of rattle snakes.