IATF Requirements:

• Supplier audits must be part of the supplier management approach (Section 8.4.2.4.1)
• Supplier audits must be a part of an organization’s supplier development process –
  • 8.4.2.5 Supplier Development. The organization shall determine the priority, type, extent, and timing of required supplier development actions for its active suppliers. Determination inputs shall include but are not limited to the following (8.4.2.5 b) - second-party audit findings (see Section 8.4.2.4.1);

• Supplier selection shall be based on ”An evaluation of the supplier’s quality management system” (8.4.1.2) – audit is not explicitly required, but could meet this requirement.
• Supplier auditors must be training and qualified to very specific requirements (7.2.4) (Essentially the same as internal auditors with the additional requirement of understanding the applicable manufacturing processes to be audited)
• These qualifications must be maintained, including changes to any of the core tools

Many companies are in the process of upgrading their management systems to include Aerospace and Medical certifications. Registration to these Standards is the key to diversifying your client base.

Management Solutions Group, Inc. has been in the forefront of this effort to provide our clients with assistance in training and implementation. We hope that the following information will be useful as you explore new opportunities in the medical device industry.

This standard is based on ISO 9001: 2000 as are IATF 16949: 2002 and AS 9100 B. Therefore companies that have a strong ISO 9001 or TS 16949 system will find that they have many of the required processes in place. They will still, however, need to address the requirements specific to the medical device industry as required in ISO 13485. We will highlight some of the additional and specific requirements here.

Many people immediately think of toxic waste and major pollution sites when they hear of an Environmental Management System (EMS) or ISO 14001. While these items would fall under an EMS, the actual scope is much broader and will affect almost everyone who works within a company with an EMS that meets the ISO 14001 requirements.

What is ISO 14001?

ISO 14001 was released in 1996 with the intent that companies manage all of the activities, products and services that can significantly impact the environment. The Standard has three basic objectives of continuous improvement, regulatory compliance and pollution prevention. The standard is broken into 5 main sections: Environmental Policy, Planning, Implementation & Operation, Checking and Corrective Action, and Management Review. To implement an ISO 14001 conforming EMS a company will have to write and implement approximately 6 new procedures and modify approximately 9 existing procedures (Assuming the company is currently ISO 9000 or QS-9000 compliant)

My management does not really seem to value our internal audits, so how do I get more buy in from management

First, ask yourself some tough questions

1) Are Internal Audits conducted to verify conformance or to improve performance? Conformance to a Procedure or Work Instruction is not the only focus of the Internal Audit Program. Conformance without performance is just not enough to excite Top Management.

2) What is the most "Value Added" issue that has been identified through Internal Audits? Does the Internal Audit Program use Company Measureables to focus the audit? Has the Internal Audit finding and the subsequent Corrective Action improved a Measurable? How much? Has it prevented a Customer Concern? What is the "Return on Investment" for Management's commitment to the Internal Audit Program?

With the current economic challenges facing most companies, Internal audit staff and their training and qualifications are, in many cases below expectations.

A good analogy to a typical internal audit program is playing the piano. If you take a 2-3 day lesson and are then required to give a recital once or twice a year with no practice, how will you perform? You would most naturally select a very simple song, play it very slowly, and perform mediocre at best.

Internal audits are very similar. With inexperienced auditors, the small nonconformances are found while overlooking the larger or more complex issues that have the real potential to improve quality and the management system. They also tend to overlook the many opportunities for improvement or make solid recommendations.

As a general rule of thumb, a full internal audit conducted by internal staff without extensive auditing experience should be about twice the mandays as a recertification audit by a registrar. This can vary greatly based on experience and audit tools, but it does give an indication of the internal resources required.

Management Solutions Group offers public internal auditor training courses along with cost effective onsite training that includes completing part or all of an internal audit at the same time as the training, improving the cost effectiveness.