presented by: shannon craddock, programs & … · joint venture partners; ... outsource (either...

24
Presented by: Shannon Craddock, Programs & Accreditations Manager, PJR

Upload: lamque

Post on 20-Aug-2018

216 views

Category:

Documents


0 download

TRANSCRIPT

Presented by: Shannon Craddock, Programs & Accreditations Manager, PJR

This interested party requirement (and related requirements discussed in

this presentation) focus on new ISO 9001:2015 requirements that are

basic (aerospace) quality management system pillars.

Interested parties are a critical aspect of how an organization identifies

its internal and external issues and its scope.

Accordingly, requirements in 4.1, 4.2 and 4.3 of the AQMS Standards will

be discussed today.

When inquiring about Interested Parties, it is important to ask some

leading questions:

► Who are your interested parties?

► Which ones are relevant to your QMS and how?

► What part of your QMS are they relevant to?

► Probable audit method: This is a high level, quality system establishment activity. Various methods will be utilized to ascertain implementation, including interviews with senior leadership regarding the overall process for identifying interested parties.

At our CB, when we receive the

completed audit documentation, we

are sometimes noting only a single

individual was included in the

Leadership interview.

While this is conceivable in a small

(3-5 person) operation, it becomes

less plausible in any situation with a

higher employee count.

One point should be emphasized.

It is most likely inappropriate for

an organization to conclude that

their only Interested Party group is

their customer base.

Let’s go back to the ISO 9000:2015

definition for Interested Party:

“Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.”

► customers;

► end users or beneficiaries;

► joint venture partners;

► franchisors;

► owners of intellectual property;

► parent and subsidiary organizations;

► owners, shareholders;

► bankers;

► unions;

► external providers;

► employees and others working on behalf of the organization;

► statutory and regulatory authorities (local, regional, national or international);

► trade and professional associations;

► local community groups;

► non-governmental organizations;

► neighboring organizations; and

► competitors.

The new guidance publication ISO/TS 9002:2016 includes an extensive list of

potential interested parties:

► reviewing orders received;

► reviewing statutory and regulatory requirements with compliance

or legal departments;

► lobbying and networking;

► participating in relevant associations;

► benchmarking;

► market surveillance;

► reviewing supply chain relationships;

► conducting customer or user surveys; and

► monitoring customer needs, expectations and satisfaction.

Further guidance is provided in ISO 9002 on what the client should be doing to

ascertain the needs of their Interested Parties, including the following:

We need to ask leading questions (like those shown on slide 3) to determine how they concluded that their customers are the only relevant interested parties.

If the organization cannot provide evidence of a structured analysis having been performed, it is likely that the process by which interested parties were selected was flawed, and a nonconformance should be issued.

There are two circumstances where a nonconformance is likely

appropriate:

► If you have no evidence (or limited evidence) of an implemented

process for monitoring and reviewing information (methods shown

on the prior slide) – this would represent a violation of AS91xx: 2016

clause 4.2;

► If you have no evidence that interested party feedback (not just

customer feedback) is being discussed within Management Review –

this would represent a violation of AS91xx:2016 clause 9.3.2c1.

In order to assess the effectiveness

of the organization’s identification

of interested parties, one needs to

understand the external and internal

issues relevant to the organization’s

purpose/strategic direction. In

other words, “What is the context of

the organization?”

Has the organization implemented a process to determine, monitor and

review external and internal issues relevant to purpose and strategic

direction? (Clause 4.1)

► While not directly stated in the Standard, the organization should

consider its internal and external issues to facilitate determining its

relevant interested parties.

► Probable audit method: This is a high level, quality system establishment activity. Various methods will be utilized to ascertain implementation, including interviews with upper management regarding strategic planning.

► ISO 9002 provides extensive guidance on the new idea of internal and

external issues, including suggested lists for organizations to consider.

These include:

► External Issues:• Economic issues (foreign trade, exchange rates, etc.);

• Social issues (local unemployment, safety requirements, etc.);

• Market issues (competition, market trends, etc.);

• Statutory regulatory factors affecting the work environment;

• Political factors (stability, infrastructure and international trade agreements) and

• Technological factors (new technology, materials and equipment).

► ISO 9002 provides extensive guidance on the new idea of internal and

external issues, including suggested lists for organizations to consider.

These include:

► Internal Issues:• Overall performance;

• Resource needs;

• Human aspects (employee competency, company culture, union environments);

• Operational performance (new or existing equipment, etc.)

• Factors related to the governance of the organization (rules for decision making)

► Organizations need to be cognizant of the fact that external and

internal issues may change. They need to be monitored and

reviewed.

► The Organization needs to review its “context” at planned intervals,

perhaps through management review.

► Is the scope of the Organization’s AQMS appropriate/accurate and

does it take into account:• All internal/external issues,

• Relevant interested party requirements, and

• The products and services of the organization? (Clause 4.3)

► Exemptions can now be sought for any requirement of the Standard.

Auditors should expect that such designations are documented and

accompanied by a justification.

► Per ISO 9001:2015, conformity to any AQMS Standard can only be

claimed if the requirements determined as not being applicable do

not affect the organization’s ability or responsibility to ensure the

conformity of its products and services and the enhancement of

customer satisfaction.

► The guidance in this area has included input from many different

areas, including:

• TC 176 – more from them on the next slide

• ISO 9001 Auditing Practices Group

• Content within ISO 9001:2015 (both auditable and guidance)

• ISO/TS 9002:2016, Quality Management Systems – Guidelines for the application of ISO 9001:2015

► As far back as the ISO 9001:2008-based versions of the AQMS

standards, TC 176 has issued guidance documents on

scope/exclusions:

• From guidance document 524R6, “Examples of situations where conformity to ISO 9001:2008 should not be claimed (include) where an organization excludes a requirement on the basis that the activity has been outsourced.”

• From guidance document 630R3, “… when an organization chooses to outsource (either permanently or temporarily) a process that affects conformity with requirements… it cannot simply ignore this process, nor exclude it from the quality management system.”

► Outsourcing requirements discussed in ISO 9001:2015 appear as

follows:

• “The organization shall ensure that externally provided processes, products and services conform to requirements.” --ISO 9001:2015, clause 8.4.1.

• “All forms of externally provided processes products and services are addressed in 8.4, whether through an arrangement with an associate company, or outsourcing processes to an external provider.” --ISO 9001:2015, clause A.8

ISO 9002 discusses this requirement, and indicates (clause 8.4.1) that

“External providers could include the organization’s corporate headquarters, associate companies, suppliers or someone to whom the organization has outsourced a process.”

The ISO 9001 Auditing Practices Group also weighed in on this issue

in their guidance document written for “Scope of ISO 9001.” This

document indicates that “Outsourcing” is to be considered an input to

the development of an organization’s scope.

► The method of control should be determined by the organization, and

be based on customer-specific requirements, as well as the risk of the

outsourced process. Some methods are as follows:• Contracts, Terms & Conditions

• Purchase Orders

• E-mail communication

• External provider audits

• Requiring external provider to maintain a certification – management

system or NADCAP

• Work Instructions

► Any exemption rooted in outsourcing is not an acceptable exemption

and should result in a nonconformance during the audit.

► There are a significant number of clients who have claimed an

exemption from the design and development requirements on the

basis that designs were provided by their parent or sister company.

Such exemptions are not acceptable.

► ISO 9001:2015 requirements 4.1, 4.2, and 4.3 are closely related. An

inappropriate scope may lead to an incomplete identification of

internal and external issues, and subsequently, an incomplete

identification of interested parties. In other words, the context of the

organization is compromised.

► Many organizations struggle with these more theoretical concepts, as

opposed to requirements related to getting conforming parts out the

door.

► Requirements related to internal/external issues (4.1), interested

parties (4.2) and the scope of the AQMS (4.3) are fundamental pillars.

► As auditors, it is our job to promulgate the integrity of accredited

management system certification. We need to do the right thing.

These requirements need to be implemented and audited

appropriately. It is inexcusable not to write a nonconformity (even on

these management system establishment-type requirements), if one

exists.

Thanks to my PJR colleague Joseph Krolikowski for much of today’s content.

Questions/Answers/Cheers/Jeers