Over the years of working in and around numerous engineering processes I have noticed that there is a tendency for designers to specify tighter tolerances than is strictly needed for the stated application. The psychological rationale for this is easy enough to understand, as engineers we want the product to function flawlessly every time it is called upon to do so, we plan for every eventuality; stacked tolerances, thermal expansion, manufacturing errors, foreign objects, environmental conditions every driver is urging engineers to reduce the potential variation by tightening the tolerances for the parts, which may not seem like a bad idea, or does it?

The flip side to this argument is that these tighter tolerances can have a profound impact on an organizations ability to produce a product in a cost effective manner. Costly rework and/or unnecessarily high scrap costs incurred to meet an overtly tight tolerance specification are an unwanted financial burden that most companies cannot afford to bear. Obviously there needs to be a balance between defining tolerances that adequately safeguard the design of the part from inconsistent manufacturing output and specifying parts beyond the processes capability to consistency produce them, but sometimes finding this balance can be difficult.

Design reviews are an ideal environment to discuss and challenge tolerance specifications, but when auditing it is rare that I see this as a specific agenda topic during these reviews. Similarly it is rare that I see organizations utilize the number and type of engineering changes requests or product concessions issued to adjust the tolerance of a specification to gauge the effectiveness of the design process.

During the internal audit process a review of the engineering change requests and product waivers is an excellent place to start an audit trail. Waivers to use either manufactured or purchased parts that are out of tolerance can quickly get to the heart of whether the design process is effectively producing the desired results.

Too often the design process can be viewed as a stand alone activity, isolated from the rest of the company perhaps because it is performed in a different location or even a different country. Ensuring that manufacturability considerations such as tolerance selections are made throughout the design process irrelevant of where it is being performed is a key requirement of a good design process. It must ensure that the organization is asking the right questions during each phase of the design process. The best design is the one that can be consistently produced to meet customer expectations in a cost effective manner. Informed tolerance selection is just one aspect that can be used in meeting this goal.

In December 2009, the International Automotive Task Force, or IATF, issued Communque’ #2009-019 announcing the IATF Customer Portal, which will allow users to check the validity of ISO/TS 16949 certificates.

Interested parties who need to confirm the validity of an ISO/TS 16949 certificate need to have the IATF certificate number in order to search and confirm the certificate and the name of the certificate holding organization. The portal can be accessed at the IATF Global Oversight website on www.iatfglobaloversight.org.

As the East Coast Regional Sales Manager for NQA, USA I’m frequently asked, by new clients to the ISO Registration process, what a “pre-assessment” is and what value it brings to an organization seeking ISO registration.

A pre-assessment or preliminary assessment is offered by NQA as a service in addition to the regular ‘Stage 1’ and ‘Stage 2’ audits of the actual Management System Registration process. It’s usually conducted by the same auditor that will perform the registration audit.

It’s recognized that a lot of work has gone into designing and developing a Management System which meets the various requirements of a standard like ISO 9001, ISO 13485, ISO/TS 16949 and ISO 14001. In many instances, the implementation of a Management System is a new venture for an organization and there is, naturally, some trepidation inside that organization as the Registration Audit approaches. There may be questions that cannot be satisfactorily answered by the people themselves; have we done enough to satisfy the requirements? Will this be enough to pass the audit? What will the auditor think of this? A pre-assessment is an opportunity to answer these.

In many ways, all the practice and preparation leading up to a Registration Audit is like the practice and development we – or our children – have gone through when learning to dance, or play an instrument etc. There comes a time when those skills and what’s been learned must be demonstrated, often in front of somebody! Maybe, a recital or a show of some kind is planned. In the days before that recital or show, it’s quite normal to go through a ‘dress rehearsal’, where the final touches are put to the performance. It’s not meant to be identifying anything really radically different, just putting a ‘polish’ on the overall performance; knowing where each person must stand on the stage, timing the lighting cues, last minute costume fixes etc.

Your organization can use a pre-assessment in the same way as a dress rehearsal for your Registration Audit. Unlike the ‘Stage 1’ and ‘Stage 2’ audits, there is no defined duration for the assessment, so you can choose how long you think you need. What’s more, as the customer, you get to decide what you want the auditor to review during the visit. The agenda is yours to define! An organization may decide to have the auditor focus on a few aspects, or take a sweep of the entire Management System. In selecting a smaller focus, customers often are interested in those aspects of the Management System which may be new to the organization, e.g. a calibration system, where none was formally defined or implemented before. Often a broad view of the status of the system as a whole can validate for the management team that their efforts are, indeed, ready to undergo the more detailed scrutiny of the Registration Audit.

Other benefits include:

Observing how the assigned NQA auditor goes about performing the audit. Although the organization will have conducted internal audits, it’s always good to know how the NQA auditor does things.

How they interact with the various people they interview. Each NQA auditor is different and they have ways of establishing good communications with the people they interact with. It helps to ‘break the ice’ if you know this ahead of time.

Allowing the various people of the organization to experience their role as auditees.  As before, although internal audits will have been performed, not everyone will have had a role in those. Some people might be natural candidates to be audited by the NQA auditor and it’s a great time to give them that experience.

Uncovering a potential weakness in the system before the ‘Stage 2’ audit is very useful, of course. The auditor who did the pre-assessment will be very aware the actions you took to rectify the situation found, which also builds confidence in the commitment to an effective system.

The pre-assessment can be timed with the ‘Stage 1’ audit. This allows for some continuity of understanding for the auditor since they will have been able to study your system documentation and, while that knowledge is still ‘fresh’ take a look at aspects of the implementation too. It also helps to cut down on your expenses!

The results of the pre-assessment can be a useful input to the ‘Management Review’ as a formal indicator of the ‘suitability and effectiveness’ of the Management System, in the days leading up to the Registration Audit.

One word of clarification: When an organization starts out on the road of implementing a Management System to meet an ISO based standard, it’s often useful to perform a ‘Gap Assessment’. This shouldn’t be confused with the pre-assessment described above. The timing, objective and outcomes are completely different.

In conclusion, if you intend to register your Management System, the management of your organization should fully weigh the benefits of having a pre-assessment performed. Just like a dress rehearsal, it doesn’t matter if it’s the local high school or the New York Symphony, they wouldn’t consider putting on a show without doing one!

NQA continues to develop its Food Safety programs and has recently added The FSSC 22000 certification scheme. This scheme has been benchmarked by the GFSI, an organization which represents over 70% of global food manufacturers, wholesalers and retailers. Once fully implemented, the FSSC 22000 certification scheme is expected to become the sixth standard to join the stable of GFSI recognized schemes.

The importance of this program can not be overstated, FSSC 22000 is the only certification scheme based on the successful ISO 22000.2005 Food Safety management System in combination with the PAS 220, prerequisite programs for food manufacturing, published by BSI. Supported and developed by Danone, Kraft Foods, Nestle, Unilever, General Mills, McDonald’s, and CIAA, for the certification of food safety systems of food manufacturers that process or manufacture animal products (not including slaughtering and pre-slaughtering), perishable vegetable products, and non-perishables with ingredients like additives, vitamins and bio-cultures.

With the addition of FSSC 22000 NQA can now offer a full range of GFSI recognized Food certification schemes including:

• BRC Global Food Safety
• BRC Global Packaging
• SQF 1000
• SQF 2000
• ISO 22000.2005
• HACCP

To help in the implementation of your Food Safety Management System NQA has developed various tools and checklists. For more details please contact Stephen Upton, Director of Food & Product Safety Programs at supton@nqa-usa.com or call 540-287-2848.

Many states are enacting new regulations and laws to help prevent identity theft.  For example, in Massachusetts the 201 CMR 17.00 is a comprehensive Identity Theft Prevention Regulation that was issued by Massachusetts Governor Deval Patrick. The purpose of this new law is to establish a standard set of regulations on how businesses protect and store their customer’s personal information. The new law and regulations require companies to establish and maintain a security system covering their computers, including any wireless devices, to encrypt their customer information.  Each violation of this law can carry up to $5,000 penalty.

In the next few weeks, NQA will be hosting a Webinar that will help organizations understand how you can leverage your ISO 9001 management system to meet the requirements of these new laws.  More information will be available soon at www.nqa-usa.com. Stay tuned!

Twice a year NQA-USA conducts teaming sessions for all its audit personnel in North America. The primary objective of these sessions is one of training, but it is also a great opportunity for a highly geographically dispersed workforce to interact with their colleagues and share our war stories and pit our wits with like minded individuals. During the last event a distinguished colleague of mine Steve Pearson, gave a superbly researched presentation on the difference between process monitoring and measuring and when each should be applied.

Until this point I had always considered measuring to be the act of taking a measurement and monitoring to be the review of a series of these measurements over time. For example a production operator is conducting in-process checks on a key characteristic of a manufactured part using a set of calipers. The operator checks three parts every hour and records the results on a simple xbar and r chart. In this scenario the operator is conducting the measurement and the chart is being utilized to monitor the process variation over time. Some of you may already be shaking your heads and bemoaning my blinkered approach to these requirements, but please read on, even an old dog like me can learn new tricks.

Now what if we look at the same scenario but change the operators function so they are simply taking the reading, comparing it against the control limits and if the measurement indicates that the part is within specification taking no action. In this scenario I would consider the operator to be monitoring the process and only reacting to any out of control conditions. Although the process variation is not being tracked over time to allow for effective statistical process control, I think it is clear that the process is still being monitored, so obviously my earlier definition of monitoring is somewhat flawed.

Intuitively I think we have always understood this, however it does have some interesting impacts when you start to think of it in combination with the many instances that the ISO 9001 ‘family’ of standards reference the need for monitoring or measurement of a process. Chief among these requirements are 4.1 and 8.2.3 reproduced in part below:

4.1 General requirements, The organization shall  e) monitor, measure where applicable, and analyze these processes

8.2.3 Monitoring and measurement of processes, The organization shall apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes.

These are two strongly worded clauses that make it quite clear that process monitoring is required, however process measuring is, in both instances, only required where applicable. So if as a minimum, we consider the concept of process monitoring to be the implementation of process control points that will only indicate when a process is not producing the desired results, then this somewhat reactionary approach may be acceptable in meeting these requirements. However we must take heed of the note at the bottom of clause 8.2.3 which states;

‘When determining suitable methods, it is advisable that the organization consider the type and extent of monitoring or measurement appropriate to each of its processes in relation to their impact on the conformity to product requirements and on the effectiveness of the quality management system.”

So is all this just semantics and quality techno-babble…. Maybe. What I learnt from Steve’s presentation is that to monitor a process does not necessarily require the structured review of its performance against pre-determined targets over time. However when deciding upon which processes need this sort of pro-active approach that will allow for process adjustments before the process goes out of control and which can be monitored and reacted to only when an out of control condition occurs, the organization needs to consider the potential impact on the final product.

As auditors we need to be flexible enough to understand when this form of monitoring is adequate and when a more documented target orientated approach is required. Critically the results such as final inspection rejects, customer returns, field failures and complaints must be evaluated and utilized to determine whether these decisions were correct and if not what changes need to be made. At least that is my interpretation, I would be interested to hear other approaches feel free to post your comments, I will try and respond to as many as possible.

During a recent audit I got into a fascinating debate as to whether an organization is required to track their own on time delivery performance to their customer as part of the requirements to be ISO 9001 compliant. Now first of all, I feel I must preface the term “fascinating” with the fact that I have been working in the quality arena for more than 15 years, so at this point my concept of fascinating may not meet everyone expectations, but here goes.

Let me summarize the differing positions, the organization had interpreted the requirements of the standard as there was no need to internally measure on time delivery performance, their policy was that if a customer felt that a delivery had been late then they would react to that concern via their internal customer concern process. However if the client did not raise any concerns then the organizations expectation was that there were no issues from the customer. My point was that this didn’t meet the intent of clause 8.2.1, as on time delivery performance is a key component of gauging customer perception and that from a purely business stand point it is not a very pro-active stance to assume all is well unless an issue is raised. The possibility being that a customer could be consistently receiving parts that are not meeting their expectations with regards to delivery performance. If having raised the concern a number of times and the situation does not consistently improve, then their perception of the organization may have deteriorated to a point where they are shopping for a alternative supplier, without the current supplier being aware that an ongoing issues exists.

Now if you study the wording in clause 8.2.1, it does not exactly require that delivery performance be tracked, it is referenced in the notes but in my opinion it is not a requirement of this clause. However, clause 8.1 does state that the organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed to demonstrate conformity to product requirements, if the customer considers delivery performance to be a product requirements does this clause require the internal measurement of delivery performance?

Of course there are a number of other factors that must be considered – what does the company produce, do they have monitoring activities in place that safeguard the customer? In my experience purchasing decisions are made based upon three basic criteria; Price, Quality and On time delivery performance. These are considered in varying ratios of importance depending upon the nature of the industry in which an organization operates. If on time delivery is a minor consideration to a customer then perhaps the regimented tracking of this is not so important to the management system, when it comes to management systems as we all know one size does not fit all, in the end the customer needs must be paramount. Unfortunately, deciphering what the needs are is not always as straight forward as it should be, but that’s another topic for different blog entry. I would be interested to read your comments on this subject and will respond to as many as possible.

By Bob Parsons, NQA Aerospace Business Unit Director

The AS9100C standard (also referred to as AS9100:2009) has been published but now what?  You are not alone if you are confused about what comes next.  Like you, most of our customers are in the process of trying to figure out how and when to roll out this standard within their organization and the following information should bring clarity to this subject.

If the standard is published, why can’t I get certified to AS9100C now?

Before any company can be certified to the AS9100C standard, the aerospace industry must complete these milestones:

• The AS9104-1 standard must be published (expected spring 2010)
• The AS9101D standard (checklist) must be published (expected Spring 2010)
• The AS9100C/AS9101D course for certification body auditors (NQA auditors) must be developed, vetted and made available for use by certification bodies (expected by 30 April 2010)
• Certification body auditors must attend this course, pass it, submit their applications to RABQSA and get approved (we expect that to happen over the summer and fall of 2010)
• NQA must submit an application to ANAB and then be audited before we can be accredited to perform audits to AS9100C (we expect that to happen early summer of 2010)

Once all of the above tasks are completed, NQA will be able to conduct audits to the requirements of AS9100 revision C.

As to when your company must transition to this new standard, all AS9100 audits after July 1^st, 2011 must be to AS9100C and that by July 1^st, 2012, AS9100B will cease to exist and all registrations for AS9100 must be to revision C of the standard.

Ok, what does that mean for my company?

In light of the timelines described above, what this means for our clients is this:

• Companies that want to upgrade during a re-assessment or surveillance audit between now and mid 2010 will be audited to AS9100B
• Companies that want to upgrade during a re-assessment or surveillance audit between mid 2010 and the end of 2010 may be able to be audited to AS9100C but that depends on the availability of auditors that have taken the AS9100C course
• Companies that want to upgrade during a re-assessment or surveillance audit after January 2011 should be able to be audited to AS9100C without any impediments
• All audits after July 1^st, 2011 must be to AS9100C
• All AS9100 registered companies must be registered to the AS9100C standard by July 1^st, 2012

If your company is currently registered to AS9100

Once you make the decision to upgrade to AS9100C during either a surveillance or tri-annual re-assessment audit, additional audit days will be required above and beyond those of your surveillance or re-assessment audit. The reason for the added days is that in addition to the regularly scheduled required audit days (surveillance or re-assessment), there must be additional time to assess your quality system against the new requirements of AS9100C. Please contact your NQA Client Support Representative to determine how many additional audit days are required for your company to upgrade to this new standard.

If your company is currently registered to a non-aerospace related standard (like ISO 9001:2008) or not registered to any standard at all

Please contact NQA Business Development so that we may determine the number of audit days required to upgrade your company to AS9100C.

What should I do next?

Before your company transitions to the AS9100C standard, you must complete the following steps (at a minimum):

• Implement the requirements of AS9100C into your quality management system
• Perform a gap analysis to identify potential problem areas
• Verify the implementation of your revised quality system by:
  • Conducting internal audits to this new standard
  • Conducting a management review of your revised quality management system
  • Ensuring appropriate personnel are competent on these new requirements
  • Identifying and implementing corrective actions so that your quality system addresses and adheres to the new requirements

A word of caution!

The AS9100B and AS9100C standards are very similar but there are some differences.  The AS9100C standard adds many new requirements and introduces a number of new terms that were not in AS9100B but it also omits a number of requirements.  For example, the requirement for an organization to periodically validate test reports for raw material is no longer required by revision C of the standard and for those AS9100 registered organizations that want to get a head start on revision C of the standard, these omissions can be problematic.

The reason this approach can cause a problem is that many companies that are currently registered to revision B of the standard have begun the process of implementing the additional requirements of revision C, a recommended course of action.  Care must be taken though since as mentioned above, not all of the requirements of revision B are also included in revision C.  Therefore, those requirements omitted from revision C must still be adhered to until your company has successfully passed an AS9100C audit by NQA.  Only then can you drop these requirements if you so desire.

Going forward and at your earliest convenience please let your CSR and/or auditor know your intentions regarding an upgrade to AS9100C.  In the interim, we are recommending that you begin familiarizing yourselves with the requirements of AS9100C.

If you have any questions feel free to contact NQA’s Aerospace Business Unit Director, Bob Parsons, at RParsons@nqa-usa.com or at 978-635-9256 ext. 233.

I spent the week working on the new NQA-USA customer portal site which we are hoping to launch in the late summer of 2010. After months of preparation we finally got our first look at the test site and even if I do say so myself, it is looking really good. Simple to navigate and all pertinent information is easily accessible, the team here is really excited about it. Initial functionality is going to be somewhat limited while we try and iron out some of the more complex interfaces. Even so upon launch our customers will be able to view their current and past audit history, view NQA news and events, download copies of previous audit reports and current certificates as well as upload corrective actions, complete online surveys, request CSR contact, file a complaint and request audit dates.

Our vision is to continue to develop this portal to include full non conformity management together with real time trending and analysis, facilitate access to accounting information and client only content, such as webinars and training tools. However what we are not planning to do is ever move away from the single point of contact which is what at the very heart of what we at NQA believe to be is good old fashioned customer service.

These customer portals and web based interfaces are great tools and can provide a wealth of easily accessible information, but there is no substitute for being able to pick up the phone and speak to your designated client support representative.

NQA is proud to announce that Larry Tibert, the Environmental, Health and Safety Business Manager has achieved Lead Auditor status from the International Cyanide Management Institute (ICMI). This status allows for the independent third-party audits of mining operations, cyanide producers and cyanide transporters.

The Cyanide Code is a voluntary program for companies engaged in the production of gold by the cyanidation process, as well as manufacturers and transporters of cyanide used at gold mines. The Code is performance based and provides guidance for best practice in the use and management of cyanide.

The Code has earned the support of several prominent organizations. The G8 nations, an international forum for the governments of Canada, France, Germany, Italy, Japan, Russia, the United Kingdom and the United States, in 2007  recognized the Code as one of several certification systems that are suitable instruments for ”increasing transparency and good governance in the extraction and processing of mineral raw materials.” The World Bank’s International Finance Corporation (IFC), which provides lending for mine development projects, has voiced its support for the Code by requiring its gold mine borrowers to use cyanide in a manner consistent with the Code.

To date, 57 companies have become signatories to the Code (21 mining companies, 12 cyanide producers, 24 transporters), covering 147 operations in 35 countries on six continents.

Please contact Larry Tibert at 800-649-5289 or ltibert@nqa-usa.com to discuss this new offering.