- Product and Layered Process Audits are not being performed to the documented schedule
- Contingency Plans do not address all requirements (Including Sanctioned Interpretations) and / or are not tested / simulated
- Key performance indicator metrics are not meeting goals, and have no documented countermeasures
- Customer Specific requirements are not implemented (The specific requirements could be from revised customer specifics or implementation could have lapsed)
- Off site warehousing has been added, but internal documentation has not been updated, material / part identification does not meet requirements (Including nonconforming product)
- Changes to Outsourced Processes not included in the required quality management system documentation, Approved Supplier Lists, or records of required certifications and supplier development
- Has your Management System become a One person show?
- Does Management struggle during audits when asked questions about the management system?
- Do you feel that the support for activities is not there as intended in the standard?
Why does this occur?
There can be many reasons that this occurs, and sometimes it is partially the fault of the management rep. If you are taking care of the auditors and audits all by yourself, updating documents for processes where you are not the owner, and creating records necessary to pass audits, this may indicate that you have taken too much control.
(I can personally relate to this!)
While the Management Representative for the Management System will most likely need to support all processes with knowledge of the standard, they need to let (And encourage) the Process owner dictate the processes. They also need to be less concerned when there are nonconformances identified in audits due to issues with different processes having issues – this just allows for the re-evaluation and improvement to occur. (This can be difficult to those of us that like to be in control to achieve)
Other times it can come from management system staff struggling to present information in the language best understood by upper management (This is where accounting training can help)
Things to try:
Good place to start would be with a thorough internal audit by a competent and independent auditor (This could be a resource like Management Solutions Group). This audit would include interviewing process owners and more in-depth assessment of the system and the implementation. This information would arm the organization with the knowledge of the best areas to focus on first.
We have noticed an increase in Cannabis Testing labs needing assistance. There are many issues to consider when developing management systems to meet the ISO 17025 requirements. For example, Michigan requires a laboratory achieve accreditation within 12 months after the date the laboratory license is issued.
We have worked with many small labs. From that experience MSG has developed a process to quickly prepare a laboratory for accreditation with lower costs. For us, this is a fairly standard project for which we have developed a very efficient process.
This is important for the cannabis product users since most users want to ensure that they are purchasing products with accurate listings for THC content, and that the products meet requirements for Herbicides and other potentially harmful chemicals. A quick internet search will show that historically there has been significant discrepancy in the reported THC contents of many products, and a real concern for other chemicals that can be concentrated as part of the processing.
- Have a very thorough internal audit completed by highly competent staff
- Know the areas to focus on for action
- Have confidence that your surveillance audits will go smoothly
- Need less internal resource needs for completing the internal audit and corrective actions
- Receive input on any issues found that will also provide outside eyes on ideas to solve these issues
These classes will help organizations and staff understand the new format of the FMEA forms and how to utilize the new format to implement the 7 Step Process along with the 5T’s needed to effectively create FMEA’s that will:
- Provide prioritized actions to reduce for potential risk
- Provide opportunities for preventive actions and continual improvement
- Effectively document cause & effects of failures
- Document preventive and detection risk
- Increase the usefulness of the resulting FMEA’s for continual improvement
- Ensure that your staff are creating the new FMEA's inthe most efficient way possible
This training is specifically for auditors (3rd Party and Internal) with a focus on an overview of the FMEA process, the new FMEA requirements (Design and Process), and how to audit this as part of the management system and process audit.
(Determination of Legal and Other Requirements):Management Solutions Group has team members competent in the regulatory requirements for safety & environment and as such can assist an organization with their required Evaluation of Compliance with Legal requirements that apply to the organization and advise on how to take these into account with the Management System. Those organizations with ISO 14001 Environmental Management Systems will be familiar with this process. For others, we will review the regulations and your processes determine the applicable requirements. These would then be managed through operational controls. If you have questions, we would be happy to discuss the requirements and your options.
Take a 45001 Course on Ingentius.com.
This article is not intended to be a full review of the requirements, just some highlights of the changes that affect the large number service and manufacturing organizations. There is a lot of free information available on the web. If you have any specific questions just contact us and we will assist you or point you in the correct direction for details.
Some of the changes that affect a lot of our clients are:
2020 Challenges: What should I be focusing on with my Management Systems (Quality, Environmental, Safety, Laboratory, Information Security…)
- What should I do to make sure my 3rd party audit goes well?
- What should I do to help my company through these challenging times?
With the pandemic and staff working from home, the management systems (ISO 9001, ISO 14001, ISO 45001 etc.) follow through can be a challenge, as well as the internal audit and improvement processes. Many organizations are working in smaller groups, performing more of the basic functions, and skipping some of the important documentation due to other important organizational needs. This does not leave us without opportunities to accomplish important tasks. Here are a few suggestions that will not only create improvements and risk reduction, but will also continue to support a management system’s requirements:
- Conduct internal audits focused on documentation and records. This can be done remotely and can also identify outdated language, redundant documentation that may not be consistent, and areas for improvement. These audits can be followed up with documentation and records process improvements. Future audits can always include increased production or manufacturing floor audits as a focus.
- Focus the audit and risk identification processes on contingency plans. This can allow an organization to document lessons learned and improve the organizations processes and contingency plans going forward. It will likely be some time before things in most organizations really return to normal, so improvements in these areas can be valuable for an organization.
- Management system staff and internal auditors can also assist departments and areas of the company organize and improve their processes in a changing environment. These staff are typically more trained and focused on this aspect of the work which can be of great value to many areas of an organization.
- Some specific areas to watch:
- IATF Temporary Change requirements
- Automotive PPAP requirements for internal changes
- IATF Shutdown and Startup requirements, where applicable
- Scheduling processes where order quantities are changing
- Changes to workflow and security requirements for staff working remotely
- Supplier management and development – many of the above items would also apply to the organization’s suppliers, and to protect your organization, you may want to ensure you are reviewing suppliers to determine if they are proactively addressing these changes and associated risks
We have been reviewing the data from many sources on the common nonconformances during transition audits for IATF 16949: 2016 as well as ISO 9001, ISO 14001, AS9100, ISO 13485 and now ISO 17025.
Some things stay the same
An analysis of the data identified many nonconformances that are consistent with audits conducted prior to the newly revised standards. These nonconformance are more common than those written to the new requirements for companies that spend more time addressing the new requirements explicitly in their management systems. Examples include:
- A gage that is past due for calibration without any extension records
- Control Plans and PFMEAs that do not match
- Work instructions that are not being followed or out of date…
Here is some very good advice on migrating to the new 16949 standard.
When you are looking at upgrading your management systems to meet the new requirements, you really need a solid approach to the project ahead. One important piece of advice that we have learned from experience is that when resources are needed for a project like this, it is critical to obtain the resources at the beginning of the project. If you are able to muddle your way through the process and achieve registration to the new standard which the hopes of finding resources to make the necessary improvement to the management system after certification, you will likely be disappointed. Here are some additional suggestions to the approach to the project: