Search results

Certifying one section of the organization

Theoretically it is possible to certify one section of an organization, that is why scope design is important. However, don’t forget to clarify who are the customers of that section. Remember ISO 9001:2015 is to enhance customer satisfaction.

The following material will provide you more information:

• Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
• ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Strategic planning

If you are asking my opinion my personal answer is yes. Two companies in the same economic sector, located in the same country, under the same laws and regulations, may have different processes and priorities due to different strategic orientations. Please check my answer to another question here - https://community.advisera.com/topic/key-performance-indicators-in-relation-to-iso/ where I use a metaphor to show the importance of different strategic orientations.

However, this is not the approach followed by ISO 9001:2015 at least explicitly.

The following material will provide you more information:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/blog/2016/05/24/define-key-performance-indicators-qms-based-iso-9001/
• How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Setting objectives and targets

Good objectives are SMART (specific, measurable, achievable, realistic and time-based). Measurable means having an indicator. Target means having success criteria.

It is possible to consider 3 types of indicators:

• Effectiveness indicators;
• Efficiency indicators;
• Quantity indicators. 

For me, the most important are the effectiveness indicators, they measure if the purpose of the process is being met.

For example, for a company that has a strategic direction around innovation and has a process called “Develop new products” one can ask:

• What is the purpose of such process?
• Quickly develop new products that are market hits.

Effectiveness indicators will measure “Quickly” and “hits”. For example:

• Average time to market
• Revenue from new products
• Average price of new products 

Efficiency indicators are the classic QCD indicators:

• Quality
• Cost
• Deliver

For example, for a company that installs wireless networks for telecom companies, with a process called “Install network”, efficiency indicators can be:

• Number of daily nonconformities raised by the customer
• Actual network installation costs versus budgeted costs
• On-time delivery rate 

Quantity indicators give information about the need to manage resources accordingly. For example, number of incoming calls at a call center is a way of evaluating the need to contract more people to handle more calls without raising waiting time.

In this free webinar on demand I develop the challenge of working with relevant indicators - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/

The following material will provide you more information:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Root cause analysis

You asked firstly

what is your advice to avoid this problem

As you mentioned a delay in receiving a report of approx 3 months, I shall reply, assuming you are referring to the report you receive from a proficiency testing (PT) scheme.

The purpose of a management system is to ensure that all the supporting activities are effective and any risks are under control (quality assurance). Ensuring the validity of your results, meaning that the results are valid and can be released to customers; involves a dual approach of internal and external quality control.  Now the first issue at hand is to ask  - is it appropriate to only be evaluating your external performance every three months ? Look at the risk of releasing invalid results in the time between PT reports. If your objectives are impacted by only receiving PT reports every three months, you need to address the risk. It will depend on the method – for example if you have performed validation using certified reference materials, or even run a CRM with every batch (i.e. internal quality check) you are assured of the accuracy and have established you do not have a significant bias.  You would release the routine results, based on the internal quality control checks passing for the same batch as the routine samples as well as having no trends in your PT scheme performance over the prior period (i.e. no changed risk). If there was a poor performance previously, your assurance would be that the laboratory had already implemented effective, verified corrective action.

You also asked  

How to make the root cause investigation easy?

To address your question, it is important to ask the purpose of root cause analysis. In the context of corrective action, it is a process used by a laboratory during evaluation of a nonconforming event, to determine the basic underlying reason for the deviation from a desired outcome. Before starting, look at  the risk that the labortory's stated desired outcome stated or specified criteria was not appropriate.

So what do you need to consider, with when doing performance evaluation ? Remember that PT is a way to confirm that over a period of time (because it has a statistical basis) your laboratory does not have a significant bias or trend. Make sure that the pre-defined performance criteria you set for each method is appropriate. To avoid unnecessary investigation these must be realistic. For example it will not be appropriate to state that for all events where a PT report indicates a single unsatisfactory result, the laboratory would do corrective action. You need to evaluate the significance of the reported PT performance.  State the reported deviation from the pre-defined performance criteria and evaluate, according to ISO 17025 clause 7.10 whether corrective action is required. For example the assigned value may have been below the Limit of quantification for your method or not a suitable matrix. meaning ther is no reason for corrective action.

The following ISO 17025 document template: may assist further:

Quality Assurance Procedure at https://advisera.com/17025academy/documentation/quality-assurance-procedure/

Complaint, Nonconformity and Corrective Action Procedure at https://advisera.com/17025academy/documentation/complaint-nonconformity-and-corrective-action-procedure/

For more information on root cause, have a look at the article How to use root cause analysis to support corrective actions in your QMS at https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/

Meaning of "Log" in Contingency Plan

As you know, the effectiveness of contingency action plans should be checked by testing or simulation methods according to risk level to customers. When testing and/or simulation is done or when a real event occurs, details should be recorded in the "log" line with the date, time, etc. You can use the ‘’log’’ line for this reason.

A.8.3 Media handling

Please note that in ISO 27001, the word "media" refers to both electronic and paper, so all these controls can be applied to paper media.

This article will provide you a further explanation about paper media:

• Why is ISO 27001 applicable also for paper-based information? https://advisera.com/27001academy/blog/2019/01/21/why-is-iso-27001-applicable-also-for-paper-based-information/

This material will also help you regarding ISO 27001 controls:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Designing management system by business processes vs clauses

Because the process approach describes your organization and how it works every day in a way that people understand. Normally, in an organization, people do not know ISO 9001 clauses. It is easier to visualize the flow of work than memorize the clauses:

• Identify materials and components need;
• Select suppliers and place an order (clause 8.4)
• Control quality on reception (clauses 8.4 and 8.6)
• Use measurement resources you can trust (clause 7.1.5)
• Treat nonconformities on reception (clause 8.7)
• Identify materials and lot number (clause 8.5.2)
• Store materials and components at the warehouse (clause 7.1.4)
• Use competent people in this process with clear responsibilities and authorities (clauses 5.3, 7.1.6 and 7.2)

I became a fan of the process approach before the ISO 9001:2000 version because I used to work based on the clauses of the standard. When working with a service company, an interim work company, I had to always explain the standard to people. One day I decided to do a major flow of how they worked and it was a miracle, they understood it and I've never had to explain the standard content again.

The following material will provide you more information:

• Article – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
• Free webinar on-demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• I base this book in the process approach - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Control measure for material handling

The OH&S control measures that need to be put in place for material handling will vary greatly depending on the type of materials handled and the machines used; additionally, the legal requirements for the areas in question need to be taken into account as this can dictate the controls needed.

For instance, if a lift truck is used then the safety considerations of training the driver may need to be considered, as well as the safety considerations for the fuel used (such as propane storage). If, on the other hand, you use only hand powered trucks to move your material then these safety controls would be different, such as PPE for foot injury.

You can learn more about the levels of control that can be considered in the article: 5 levels of hazard controls in ISO 45001 and how they should be applied, https://advisera.com/45001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-iso-45001-and-how-they-should-be-applied/

Numbering documents

According to ISO 9001:2015 clause 7.5.2 a) you do not need to number the documents; you need to have a methodology to identify each document. You can use numbers or titles, for example.

The following material will provide you more information:

• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Defining risk and opportunities

When you consider desired or expected results and due to uncertainty, you realize that you might not meet those results you are considering the influence of risks. Positive risks, also known as opportunities, help you meet or surpass desired results. Negative risks, risks, hinder your ability to meet those desired results.

ISO 9001:2015 does not require documenting risks and opportunities. So, organizations are free to decide if they document and how to document. I recommend organizations develop a register for risks and opportunities. That register can be global or per product/service, or per process, or per department.

For example, in the purchasing department you can identify risks such as:

• Selecting a bad supplier
• Receiving ordered material too late
• Receiving ordered material with quality problems

For example, in the purchasing department you can identify opportunities such as:

• Selecting a supplier with know-how that helps us develop innovative products
• Selecting a supplier that allows us to manufacture small amounts with fast response.

The following material will provide you more information:

• Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
• Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
• ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
• Please check this free webinar on-demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/