Colors: Cyan Color

As an ASR auditor and audit packet reviewer, I review dozens of completed audit packages (ISO 9001, ISO 14001, ISO 13485) each month. Based on these reviews, I thought clients might be interested in sharing with their internal auditor staff two “best friends” that can help improve audit effectiveness and reduce potential risk:

  1. Witness employees doing their jobs.
  2. Ensure corrective action responses and customer complaints reflect more than the detected incident, but how can the issue be prevented in the future and reduce any potential risk.
Read more: Observe and Inquire – Auditor’s Two...

By ASR Editor
Updated May 2020

ASR auditors have found organizations going through a Stage 1 audit fail to audit their entire quality system fully. There appears to be a misconception that a Stage 1 audit is merely a "gap" analysis or readiness assessment, and a full system audit is not necessary. However, a readiness assessment means an organization should be "ready."
Read more: Keys to Performance - 2020 Revision

As businesses and industry slowly restart, organizations are thinking about COVID-19 management and operation start-up, with a return to stable operations and communication of that restart plan to relevant interested parties/stakeholders.

Management of COVID-19 is key to the return of a safe work environment. Plans may include a strategy for virus prevention, reduction of potential exposure, and implementation of a reaction plan if the virus is detected within the organization and should cover both employees and visitors.
Read more: Audit Trails from Restarting...

Clause 5.3 of the ISO 9001:2015 standard, titled "Organizational roles, responsibilities, and authorities," mandates that top management must ensure the organization's roles, responsibilities, and authorities are assigned, communicated, and understood. This is critical for the effective implementation, maintenance, and continual improvement of the quality management system (QMS). The proper implementation helps eliminate the following:

  • I am not responsible for that
  • No one's in charge of this
  • Nobody understands what they are supposed to do
  • I do a lot but have no authority
  • The ball seems to get dropped a lot
  • There are a lot of chiefs and no Indians.

Here's what this clause involves:

  • Assignment of Roles, Responsibilities, and Authorities: Top management must clearly define and document who is responsible for what within the organization about the QMS. This includes who is responsible for ensuring that the QMS conforms to the requirements of ISO 9001, reporting on the performance of the QMS and opportunities for improvement (including to top management), and ensuring the promotion of customer focus throughout the organization.
  • Communication and Understanding: It is not enough to merely assign these roles; the organization must also communicate these assignments throughout the organization. This ensures that everyone understands their specific responsibilities and authorities regarding quality management.
  • Documented Information: While ISO 9001:2015 has reduced the emphasis on documented procedures, this clause implies the need for documented information to support the understanding and communication of roles, responsibilities, and authorities within the organization.

Clause 5.3 ensures clear leadership and accountability within the organization regarding the QMS. By clearly defining and communicating the roles, responsibilities, and authorities, organizations can ensure that their QMS is effectively and efficiently managed, with clear lines of accountability and decision-making that support the achievement of quality objectives and improvement of processes. This structure supports the overall effectiveness and efficiency of the QMS, contributing to enhanced customer satisfaction and organizational performance.

Clause 5.2.2 of the ISO 9001:2015 standard, titled "Communicating the Quality Policy," focuses on the requirements related to communicating the organization's quality policy. Quality policy helps create norms and culture within an organization.  The clause mandates that the quality policy must be communicated, understood, and applied within the organization. Furthermore, this clause requires the quality policy to be available to relevant interested parties (who care about your company and what they want from you). Here are the key aspects:

  • Accessible and documented:  It is a formal document available to all employees.  Employees should be able to demonstrate how to access it.
  • Internal Communication: The organization must ensure that the quality policy is communicated and understood by all employees and individuals working for or on behalf of the organization. This includes ensuring that everyone knows how the policy applies to their specific roles and responsibilities within the quality management system (QMS).
  • Understanding the Quality Policy: Beyond merely communicating the policy, the organization must ensure it is understood. This might involve training, meetings, or other forms of communication to clarify the importance of the quality policy and how employees' activities contribute to achieving its objectives.
  • Application of the Quality Policy: The organization must ensure that the quality policy is communicated, understood, implemented, and maintained across all levels. This means the policy's principles are integrated into everyday processes and practices, guiding decision-making and actions.
  • Availability to Interested Parties: The quality policy should also be available to relevant interested parties outside the organization. This can include customers, suppliers, and other stakeholders who are interested in the organization's commitment to quality. Making the policy available can be achieved through various means, such as posting it on the organization's website or providing it upon request.

The emphasis on communicating the quality policy underscores its importance as a foundational element of the QMS. By ensuring the policy is widely understood and applied, the organization fosters a culture of quality that supports continuous improvement and aims to enhance customer satisfaction. This clause provides that the quality policy serves as a clear guide for all quality-related organizational activities.

2nd GUY training ISO 9001

Reducing non-conformance in an ISO 9001 Quality Management System (QMS) ensures that an organization consistently meets customer and regulatory requirements. Non-conformance is a deviation from a specified process, standard, or customer requirement. Here are three practical ways to reduce non-conformance in an ISO 9001 management system:

1. Enhanced Training & Competence Development:


Regular Training: Conduct training sessions for employees to ensure they know the latest quality standards, processes, and best practices. Provide training on the importance of quality, the specifics of ISO 9001, and the details of internal processes and procedures. The ISO-related training can be completed in-person or online (see https://Ingentius.com for online training programs).

Competence Assessment: Regularly assess the competence of employees to perform their designated tasks. Identify skill gaps and provide targeted training to address these gaps. The assessments must be documented and communicated during an audit or certification.

Awareness Programs: Develop programs to enhance awareness about the importance of quality and the implications of non-conformance. Awareness can help in creating a quality-centric culture within the organization.

Read more: Three ways to reduce non-conformance...

shipping terminal 1In ISO 9001:2015, the standard provides guidelines for controlling externally provided processes, products, and services in Section 8.4, titled "Control of Externally Provided Processes, Products, and Services." Here are some issues and suggestions to effectively control external resources and stay in compliance with ISO 9001:

  1. Define Requirements:

Identify and document the specific requirements for externally provided resources. These requirements can come from customers, regulatory authorities, or your organization's internal standards and procedures.

  1. Supplier Evaluation and Selection:

Evaluate and select suppliers and service providers based on their ability to meet your requirements. You should communicate the requirements to the supplier before acquisition. Consider their track record, capabilities, financial stability, conduct, failure to follow statutory or regulatory requirements, over-billing, and reputation (negative news reports).

  1. Establish Supplier Controls:

Implement controls to ensure that suppliers and service providers meet your requirements. This can include contractual agreements, service level agreements (SLAs), and quality specifications.

  1. Document Procedures:

Document your procedures for controlling these external resources. These procedures should outline how you will monitor and manage your suppliers and service providers.

  1. Communication:

Communicate your requirements clearly to your suppliers and service providers. Ensure that they understand your expectations and any relevant quality standards.

  1. Monitoring and Measurement:

Regularly monitor and measure the performance of your suppliers and service providers against the established criteria. This may include conducting audits, inspections, or performance reviews. Again, communication is critical.

  1. Corrective Actions:

Take corrective actions if suppliers or service providers do not meet your requirements. This may involve addressing non-conformities, implementing preventive actions, or changing suppliers.

  1. Records:

Maintain records of supplier evaluations, performance reviews, and any actions taken to address non-conformities or improve performance. These records are essential for demonstrating compliance with ISO 9001.

  1. Continual Improvement:

Continually review and improve your processes for controlling external resources. Use feedback from performance monitoring and customer feedback to drive improvements.

  1. Risk Management:

Consider the risks associated with externally provided processes, products, and services. Develop strategies to mitigate these risks and ensure your supply chain remains resilient.

  1. Auditing:

Include the control of external resources as part of your internal audit program, verifying compliance with ISO 9001.

  1. Training and Awareness:

Ensure that your employees are aware of their roles with Clause. Provide training as needed.

  1. Customer Satisfaction:

Monitor customer satisfaction related to externally provided processes, products, and services. Use this feedback to drive improvements and address any issues promptly.

By following these steps and integrating them into your organization's quality management system, you can effectively control external per ISO 9001 and consistently deliver quality products and services to your customers.

quality manager

Monitoring and measuring resources is critical to the ISO 9001 Quality Management System (QMS) standard. When organizations seek to implement ISO 9001 requirements related to these resources, they ensure the necessary equipment and systems are in place to produce consistent, high-quality products and services.

To implement ISO 9001 requirements for monitoring and measuring resources, follow these steps:

  1. Determine What Needs to be Monitored and Measured:
    1. Identify processes, products, and services that need Monitoring and measurement to ensure conformity and effective performance.
    2. Look at past performance data, customer feedback, and the nature of the processes to make these determinations.
  2. Select Appropriate Equipment/Tools:
    1. Depending on what's being monitored or measured, determine if you need tools like calipers, gauges, software, etc.
    2. Ensure the selected equipment/tools are appropriate for the precision and accuracy required.
  1. Calibrate Equipment:
    1. Calibration ensures that measurement equipment provides accurate and consistent results.
    2. Maintain calibration records, including calibration dates, results, and next calibration due dates.
    3. Use recognized calibration standards where applicable.
  1. Train Staff:
    1. Ensure that individuals using the Monitoring and measuring equipment are trained adequately. They should understand the importance of their actions and know how to operate the equipment correctly.
  1. Maintain Equipment:
    1. Regular maintenance helps prevent inaccuracies or malfunctions.
    2. Develop and adhere to a maintenance schedule and keep records of any maintenance activities.
  1. Establish Monitoring and Measuring Procedures:
    1. Document the methods or procedures used for monitoring and measuring activities.
    2. Procedures should cover frequency, methods, when and how data is analyzed, who is responsible, and how results are reported.
  1. Analyze and Use the Data:
    1. Regularly review the data from monitoring and measurement activities.
    2. Determine if processes are effective and if products/services meet requirements.
    3. Look for trends or anomalies that could indicate potential issues.
  1. Take Corrective Action:
    1. If Monitoring and measuring activities reveal non-conformities or potential problems, take corrective action.
    2. Ensure the effectiveness of the corrective actions by re-monitoring and re-measuring.
  1. Continuous Improvement:
    1. Use Monitoring and measuring data as input for the management review process and for identifying opportunities for continual improvement.
  1. Document and Record:
    1. Maintain records of Monitoring and measuring activities, equipment calibration, and maintenance. This provides traceability and evidence for internal and external audits.
  1. Review and Update:
    1. Periodically review and revise your Monitoring and measuring processes to ensure they remain effective, especially if there are changes in products, services, or processes.
  1. Engage Top Management:
    1. Top management should be informed about the importance of monitoring and measuring resources. Their support can ensure that sufficient resources (like budget and personnel) are allocated to these activities.

Implementing these requirements will help ensure consistent product/service quality, improve processes, and increase customer satisfaction. Remember, the goal isn't just to comply with the standard but to use it to improve organizational performance.

Sign Up for Our Newsletter

Client Testimonials

ASR was my only choice

"We are very pleased with our experience. I have used ASR at previous employers and have had Eric as my auditor. When I joined KESG, ASR was my only choice!!"

Rick Bennett
KESG

ASR went beyond the norm.

ASR has been very flexible responding to rescheduling associated with readiness on our side. One were were able to proceed with Stage 1 and Stage 2, they were able to be completed as scheduled. The auditor Andy Bravo was outstanding - one of the best auditors we have had from knowledge, thoroughness, professionalism and style. He was very open and helpful - he readily explained things we did not understand about the new standard (moving from ISO to AS). He audited areas past auditors never addressed and stayed to involve the second shift helping them become involved. Any questions for the home office have been addressed quickly and professionally. Very happy with our decision to move to ASR. 

Rick Hall
Tier ONE