presented by: shannon craddock, programs & … · joint venture partners; ... outsource (either...
TRANSCRIPT
This interested party requirement (and related requirements discussed in
this presentation) focus on new ISO 9001:2015 requirements that are
basic (aerospace) quality management system pillars.
Interested parties are a critical aspect of how an organization identifies
its internal and external issues and its scope.
Accordingly, requirements in 4.1, 4.2 and 4.3 of the AQMS Standards will
be discussed today.
When inquiring about Interested Parties, it is important to ask some
leading questions:
► Who are your interested parties?
► Which ones are relevant to your QMS and how?
► What part of your QMS are they relevant to?
► Probable audit method: This is a high level, quality system establishment activity. Various methods will be utilized to ascertain implementation, including interviews with senior leadership regarding the overall process for identifying interested parties.
At our CB, when we receive the
completed audit documentation, we
are sometimes noting only a single
individual was included in the
Leadership interview.
While this is conceivable in a small
(3-5 person) operation, it becomes
less plausible in any situation with a
higher employee count.
One point should be emphasized.
It is most likely inappropriate for
an organization to conclude that
their only Interested Party group is
their customer base.
Let’s go back to the ISO 9000:2015
definition for Interested Party:
“Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.”
► customers;
► end users or beneficiaries;
► joint venture partners;
► franchisors;
► owners of intellectual property;
► parent and subsidiary organizations;
► owners, shareholders;
► bankers;
► unions;
► external providers;
► employees and others working on behalf of the organization;
► statutory and regulatory authorities (local, regional, national or international);
► trade and professional associations;
► local community groups;
► non-governmental organizations;
► neighboring organizations; and
► competitors.
The new guidance publication ISO/TS 9002:2016 includes an extensive list of
potential interested parties:
► reviewing orders received;
► reviewing statutory and regulatory requirements with compliance
or legal departments;
► lobbying and networking;
► participating in relevant associations;
► benchmarking;
► market surveillance;
► reviewing supply chain relationships;
► conducting customer or user surveys; and
► monitoring customer needs, expectations and satisfaction.
Further guidance is provided in ISO 9002 on what the client should be doing to
ascertain the needs of their Interested Parties, including the following:
We need to ask leading questions (like those shown on slide 3) to determine how they concluded that their customers are the only relevant interested parties.
If the organization cannot provide evidence of a structured analysis having been performed, it is likely that the process by which interested parties were selected was flawed, and a nonconformance should be issued.
There are two circumstances where a nonconformance is likely
appropriate:
► If you have no evidence (or limited evidence) of an implemented
process for monitoring and reviewing information (methods shown
on the prior slide) – this would represent a violation of AS91xx: 2016
clause 4.2;
► If you have no evidence that interested party feedback (not just
customer feedback) is being discussed within Management Review –
this would represent a violation of AS91xx:2016 clause 9.3.2c1.
In order to assess the effectiveness
of the organization’s identification
of interested parties, one needs to
understand the external and internal
issues relevant to the organization’s
purpose/strategic direction. In
other words, “What is the context of
the organization?”
Has the organization implemented a process to determine, monitor and
review external and internal issues relevant to purpose and strategic
direction? (Clause 4.1)
► While not directly stated in the Standard, the organization should
consider its internal and external issues to facilitate determining its
relevant interested parties.
► Probable audit method: This is a high level, quality system establishment activity. Various methods will be utilized to ascertain implementation, including interviews with upper management regarding strategic planning.
► ISO 9002 provides extensive guidance on the new idea of internal and
external issues, including suggested lists for organizations to consider.
These include:
► External Issues:• Economic issues (foreign trade, exchange rates, etc.);
• Social issues (local unemployment, safety requirements, etc.);
• Market issues (competition, market trends, etc.);
• Statutory regulatory factors affecting the work environment;
• Political factors (stability, infrastructure and international trade agreements) and
• Technological factors (new technology, materials and equipment).
► ISO 9002 provides extensive guidance on the new idea of internal and
external issues, including suggested lists for organizations to consider.
These include:
► Internal Issues:• Overall performance;
• Resource needs;
• Human aspects (employee competency, company culture, union environments);
• Operational performance (new or existing equipment, etc.)
• Factors related to the governance of the organization (rules for decision making)
► Organizations need to be cognizant of the fact that external and
internal issues may change. They need to be monitored and
reviewed.
► The Organization needs to review its “context” at planned intervals,
perhaps through management review.
► Is the scope of the Organization’s AQMS appropriate/accurate and
does it take into account:• All internal/external issues,
• Relevant interested party requirements, and
• The products and services of the organization? (Clause 4.3)
► Exemptions can now be sought for any requirement of the Standard.
Auditors should expect that such designations are documented and
accompanied by a justification.
► Per ISO 9001:2015, conformity to any AQMS Standard can only be
claimed if the requirements determined as not being applicable do
not affect the organization’s ability or responsibility to ensure the
conformity of its products and services and the enhancement of
customer satisfaction.
► The guidance in this area has included input from many different
areas, including:
• TC 176 – more from them on the next slide
• ISO 9001 Auditing Practices Group
• Content within ISO 9001:2015 (both auditable and guidance)
• ISO/TS 9002:2016, Quality Management Systems – Guidelines for the application of ISO 9001:2015
► As far back as the ISO 9001:2008-based versions of the AQMS
standards, TC 176 has issued guidance documents on
scope/exclusions:
• From guidance document 524R6, “Examples of situations where conformity to ISO 9001:2008 should not be claimed (include) where an organization excludes a requirement on the basis that the activity has been outsourced.”
• From guidance document 630R3, “… when an organization chooses to outsource (either permanently or temporarily) a process that affects conformity with requirements… it cannot simply ignore this process, nor exclude it from the quality management system.”
► Outsourcing requirements discussed in ISO 9001:2015 appear as
follows:
• “The organization shall ensure that externally provided processes, products and services conform to requirements.” --ISO 9001:2015, clause 8.4.1.
• “All forms of externally provided processes products and services are addressed in 8.4, whether through an arrangement with an associate company, or outsourcing processes to an external provider.” --ISO 9001:2015, clause A.8
ISO 9002 discusses this requirement, and indicates (clause 8.4.1) that
“External providers could include the organization’s corporate headquarters, associate companies, suppliers or someone to whom the organization has outsourced a process.”
The ISO 9001 Auditing Practices Group also weighed in on this issue
in their guidance document written for “Scope of ISO 9001.” This
document indicates that “Outsourcing” is to be considered an input to
the development of an organization’s scope.
► The method of control should be determined by the organization, and
be based on customer-specific requirements, as well as the risk of the
outsourced process. Some methods are as follows:• Contracts, Terms & Conditions
• Purchase Orders
• E-mail communication
• External provider audits
• Requiring external provider to maintain a certification – management
system or NADCAP
• Work Instructions
► Any exemption rooted in outsourcing is not an acceptable exemption
and should result in a nonconformance during the audit.
► There are a significant number of clients who have claimed an
exemption from the design and development requirements on the
basis that designs were provided by their parent or sister company.
Such exemptions are not acceptable.
► ISO 9001:2015 requirements 4.1, 4.2, and 4.3 are closely related. An
inappropriate scope may lead to an incomplete identification of
internal and external issues, and subsequently, an incomplete
identification of interested parties. In other words, the context of the
organization is compromised.
► Many organizations struggle with these more theoretical concepts, as
opposed to requirements related to getting conforming parts out the
door.
► Requirements related to internal/external issues (4.1), interested
parties (4.2) and the scope of the AQMS (4.3) are fundamental pillars.
► As auditors, it is our job to promulgate the integrity of accredited
management system certification. We need to do the right thing.
These requirements need to be implemented and audited
appropriately. It is inexcusable not to write a nonconformity (even on
these management system establishment-type requirements), if one
exists.