Search results

Quality in production and warehousing

Production, packaging and warehouse for finished products is mainly treated in clauses 8.5, 8.6 and 8.7 of ISO 9001:2015 in things like is concerned with:

• Specifications for products/services
• Quality control plans
• Process control plans
• Work instructions describing what to do
• Monitoring resources requirements
• Specifications for equipment and working environment
• Competency requirements for people
• Process validation requirements, if applicable
• Identification and traceability, if applicable
• Handling of materials belonging to customers and other outside parties
• Preservation and protection of products
• After sales guarantees
• Quality control activities
• Treating of nonconformities
   

You can find more information below:

• ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.
   

Steps in validation of documents

As far as I understand your question, top management must determine who has the authority to approve each document relevant for the quality management system.

So, validating a QMS document requires its approval by an authorized person. Please consider this article - Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/ - with the main steps for controlling documents

You can find more information about documents and records below:

• How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
• New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Interested party

Organizations exist to serve interested parties. While trying to do that, organizations are constrained, helped or hindered by other interested parties. So, organizations have to consider and manage what each interested party need or expect in order to meet expected results and minimize risks.

You can find more information about interested parties below:

• Understanding the needs & expectations of interested parties in ISO 14001 - https://advisera.com/14001academy/blog/2017/04/03/understanding-the-needs-expectations-of-interested-parties-in-iso-14001/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

ISO 14001 Internal Audit

I would verify if:

• all clauses of the standard were audited;
• there are evidences of the internal auditor’s competency;
• all nonconformities raised were closed; 

You can look for more information below:

• Using internal audits to drive real improvement in ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/using-internal-audits-to-drive-real-improvement-in-iso-140012015/
• Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Is it a requirement that you perform simulations on your Contingency Plans?

IATF 16949: 2016 standard 6.1.2.3 e) says "periodically test the contingency plans for efficiency (eg simulations as appropriate)".

Also in article c) "prepare contingency plans for continuity of supply in the event of any of the following: key equipment failures (also see Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; wastage; utility interruptions; labor shortages; or infrastructure disruptions".

In the following case, for the cases specified in article c); testing or simulation is mandatory. The organization can determine the frequency of testing or simulation according to the risk and its impact on the customer.

So, at least for all cases, you can test or simulate once; then you can determine the frequency according to the results, risk.

Difference between list of internal documents and list of type of records

The list of internal documents are all documents that you will prepare for your Quality management system (documented procedures). Records are documents that arise as a result of some work, testing, reports, and similar. 

For more information, please see the following articles:

• How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

• Observations about non-conformances

  Yes, you can add OFI (observation for Improvement) to your audit report.

  You can find more information below:

  • ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
  • Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
  • Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Items where most companies fail to comply with IATF standard

  This topic changes according to the size of the company and the structure of the organization. But according to my experience as a result of my audits, main problematic issues are the following:

  1. Defining contingency action plans and test/simulation results

  2. Problem-solving root cause analysis and systematic action identification and parallel of this the FMEA/control plan review/update with customer complaint management process

  3. Being able to do FMEA correctly

  4. Change Management

  5. Rework/Repair identification and risk analysis

  6. MSA application

  7. Manufacturing feasibility documentation and review for new facility and equipment

  8. General process-based risk assessment

  9. Supplier based risk assessment and supplier audit/development plan

  10. Interested party’s expectation management and to deploy the organization QMS

  11. Customer-specific requirements documentation, management, and implementation into organization quality management

• Are flowcharts mandatory for every process?

  No, there is no strict requirement to have flowcharts for every single process. In ISO 13485:2016 requirement 4.1.2 is stated that organization shall determine the sequence and interaction of the processes. So, flowchart is only one ways to do that. If you can prove that you have determine sequence and interaction on some other ways, it is apsolutly acceptable. 

  More information regarding this topic you can find on the following links:

  • How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

  • ISO 9001: The importance of the process approach https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/

  • How links between processes can increase level of quality https://advisera.com/9001academy/blog/2015/04/07/how-links-between-processes-can-increase-level-of-quality/

  • Analysis with each standard and implementation

    I'm assuming you want to know what you need to evaluate to know how to charge for a diagnostic against a standard and for its implementation.

    Considering that, when acting as a consultant, you normally charge per hour or per day - for a diagnostic against a standard it is usually per day, and for standard implementation, it is usually per hour.

    To calculate the amount of time you'll need for a diagnostic, you have to know the following:

    • Are you going to perform the interviews with all the department heads, or are they going to fill out the diagnostic sheets themselves
    • Are you going to perform a deep analysis of documentation and controls or not

    To calculate the amount of time you'll need for implementation, you have to know the following:

    • Are you going to perform an active role in the implementation, or are they going to  act as a support role
    • Are you going to participate in determining the security controls, or will the client do this on their own
    • Which documents should you write

    By the way, as part of our ISO 27001 Consultant Toolkit https://advisera.com/27001academy/consultants/ you'll find a document called "Division of tasks & time plan" which describes all the implementation tasks in more detail, together with the expected timing for each.

    In the book Secure & Simple you'll find a detailed explanation of the steps in the implementation: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

    This article may also help you:

    • 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/