The requirements for Internal Audits in ISO 9001 can be also considered to have the 4 phases: “Plan, Do, Check, and Act Cycle” (PDCA), in the same manner as the Quality System. When preparing for an organization’s first audit program, emphasis is usually placed on the individual’s planning for their internal audit assignment. However, for that planning to be successful, consideration must be given to where and when the audit should be performed. In this, the second newsletter to look at Internal Audits, we discuss scheduling.

Death and Taxes

 Ben Franklin wrote “The only two certainties in life are death and taxes.” And, for those of us who are responsible for determining when and where to internally audit the Quality Management System, that’s a very true statement, because, when it comes to determining the plan for internal audits, there is very little that’s predictable about what should be audited, and when. Although it’s usual to put together a 12 month calendar, which identifies processes, departments or similar, which are going to be the focus of a ‘cycle’ of audits, often we miss what’s keeping management ‘awake at night’.

Ben Franklin’s advice was, in actual fact, only partially true because when considering an audit schedule, there are some “Immovable Feasts” or dates which relate to an organization’s planned events, which may include:

• Seasonally related activities – harvesting, vacation coverage, etc
• Certification Body Audit visits (once registered)
• Regularized Customer visits
• Regulatory Audits/inspections
• Product Certification surveillance visits

In all other respects it is difficult to predict – without a crystal ball – which part(s) of the Quality Management System should be audited and when, particularly 6 -12 months in advance. Although it is normal to construct a calendar, there is no actual requirement to do so in ISO 9001.

Indeed, the previous guidance document, ISO 9004:2000 stated (in part)“Planning for internal audits should be flexible in order to permit changes in emphasis based on findings and objective evidence obtained during the audit.”

Start As You Mean To Continue – NOT!

In the early stages of implementing a QMS, based on ISO 9001, it is usual and very natural to ensure that all the ISO 9001 requirements have been internally audited. No organization should enter into the ISO certification process knowingly, without ensuring that their whole system is, in fact, implemented as a network of connected processes and is producing the desired results, as defined. It is likely that to attain that level of preparation, auditors will do one huge audit or a number of smaller audits, performed over s relatively short time frame of just a few months.

Once the Quality Management System has been determined to be in compliance with the ISO 9001 requirements, it is unlikely that the same audit strategy is going to be suitable and effective to sustain the needs of the organization in the future. The challenge is to use audits for a higher purpose than preparing for a Certification Body ‘stage1’ or ‘stage 2’ audit. If we consider a graph of QMS maturity over time we can see that an internal audit programme must also follow the maturity of the system, to be capable of providing the information the organization’s management will need. Put simply, telling Management that their people “weren’t following procedures”, isn’t going to cut it!

With the movement of management systems standards to incorporation of risk and risk management, clearly, internal audit programmes will also be required to ‘step up’. The newest version of the auditing guidance document, ISO 19011 has a significant addition of risk:

“This International Standard introduces the concept of risk to management systems auditing……It does not provide specific guidance on the organization’s risk management process, but recognizes that organizations can focus audit effort on matters of significance to the management system.”

Risk is a concept which is often kept in the forefront of management’s collective mind. Risks are normally associated with:

• People
• Products
• Process

And, since events, actions and timeframes which are co-incident with the risk are often also on management’s mind too, it follows that for internal audits to be a useful tool, management – the risk ‘owners’ – must be involved in the timing, scope and criteria used for those audits, to ensure the correct parts of the business fall under the spotlight.

Push You or Pull Me?

Compliance based internal audit programmes rely on the audit process owner pushing the schedule/calendar, timing, scope etc. of audits, to management. This is fine in the phases before and immediately after formal implementation and Certification of a management system. Once beyond that, a pull system should be used, where management actively seek the ‘services’ of the audit programme, to evaluate risk and assist with risk mitigation. This change from push to pull has already been demonstrated as effective, under the ‘Demand Flow’ techniques of the Toyota Production System – which allows flexibility in scheduling, economies and effective/efficient manufacturing in response to customer demand.

Of course, in changing the manner in which audits are scheduled may lead to changes in other aspects of the Quality Management System, in particular, the cornerstone ‘Management Review’ activities. In the next newsletter, we’ll evaluate what options are open to make Management Review one of the most productive requirements of ISO 9001.

NQA’s Director of Conformity Assessment will be presenting at this year’s International Conference on ISO 9000, to be held February 26, 27, and 28 in Orlando, FL at the Hyatt Regency Grand Cypress.

Business Continuity Plans are hitting close to home for many organizations now. Seemingly an ever-increasing number of both minor and major incidents can serve to disrupt normal operations. Many organizations think they have this covered with existing disaster recovery plans. However, one weakness of a singular plan is the lack of effectiveness when it comes time to actually put the plan to use. The recent deployment of the PS-Prep(tm) program by the Department of Homeland Security was targeted at giving the private sector a stronger model using several best-in-class standards.

For more information on the International Conference on ISO 9000 and to register to attend, visit their website: www.iso9000conference.com. Be sure to stop and visit us in the NQA booth as well to speak with both Tim Woodcome and Randy Pittman.

A big “Thank You” to all those who attended NQA’s recent West Coast Conference 2012.  More than 150 participants filled the sessions varying in topics such as AS9100 Lessons Learned, ISO 9001 Internal Audits: A Risk Based Approach, Information and IT Management Systems: Minimizing Risks and Gaining and Edge through a Standardized Process Management Approach, and ISO 13485 Implementation. Additional topics included Counterfeit Parts Prevention, PS Prep/Business Continuity, and ISO 14001 Review.

NQA staff members and Lead Auditors presented relevant industry information during each session, then fielded questions and led discussions. NQA President, Kevin Beard commented, “Many organizations say they are compliant to the requirements of ISO 9001 and other standards, but world-class organizations continue to look for improvements.  It’s important to continue to raise these topics for discussion, and to encourage idea sharing in sessions such as these.”

The general consensus was a positive reaction to the day’s proceedings, with many attendees enjoying the opportunity to learn first-hand from NQA along with the chance to meet other ISO-certified organizations. Alan Lenny, Quality Manager with ThyssenKrupp Aerospace commented, “I would like to express my deep gratitude for inviting me to this conference and my appreciation for the information shared.  I went to the conference with the goal to glean as much as possible about AS9100 C and assuage my fears and anxieties, and Bob provided a great presentation to help me feel more comfortable.  But I really appreciated Andy’s presentation on risk based internal audits.  His presentation opened a new way of thinking for me on internal audits helping me break down paradigms I helped create many years ago.  This is a turning point for me and my organization.”

NQA looks forward to hosting another west coast conference in 2013.

by Nadia Perreault, NQA Lead Auditor

It is not unusual for NQA-USA’s Business Development Group to receive weekly inquiries about the application of the ISO 13485 Standard in specific business environments.  In some cases the ISO 13485 Standard would be an addition to an existing certification, in other cases the motivation could be internally driven or customer dictated.  Regardless of the incentive, many companies have seen the benefits of achieving an ISO 13485 certification.   The NQA-USA ISO 13485 certified companies cover a wide range of businesses.   For example, NQA has certified raw material suppliers, manufacturers of electrical components, manufacturers of tumor marker antigens and antibodies, packagers of dental implants and manufacturers of partially finished hips and knees.  The following three customers share their reasoning for obtaining ISO 13485 registration and explain the benefits that they’ve experienced.

Biomedical Structures (BMS), located in Warwick, RI, was funded in 2003.  When they received their ISO 13485 certification in 2008, their sales were approximately 1.2 million.  By 2011 BMS had increased their business by 358%. This growth was “very surprising given the business climate and the economy” stated Kevin Johnson, Director of Quality & Regulatory affairs. The management of BMS went on to say “this growth is perceived to be due to the growing awareness and understanding of the capabilities of textiles in the area of Orthopedic and Cardiovascular applications.”  The BMS management says “business growth was directly related to positive impressions that our customers recognized by us obtaining certification to ISO 13485.”  They go on to say the specific benefits are:

“•  Quality Management System which maintains compliance to the requirements of the medical device industry and is in line with the FDA QSR standards.

•   Improved manufacturing controls and procedures that ensure safe and effective medical devices.

•   Greater assurance that product will continue to meet customer specifications.

•   Improved Risk Management and Design Controls to assist customers in the development and improvement of their products.

•   Improved efficiency in assisting customers obtain market clearance and approval to meet aggressive sales and marketing goals.”

The scope for Arkadia Plastics, located in New Britain, CT is “Design and development of thermoplastic compounds for medical and non-medical applications” had initially become ISO 9001 certified and in 2010 elected to upgrade to ISO 13485 to appeal to the medical device industry.  Kate Bouras, the Management Representative and Office Manager for Arkadia states “Without a doubt the implementation of ISO 13485:2003 has contributed to the efficiency, productivity and consistency of our organizational system. The confidence of the existing customers has been increased resulting in a 30% increase of sales. In addition the certification constitutes a key factor to the approach of new customers since over 10 medical companies have added Arkadia Plastics to their Approved Supplier List after our registration. Being ISO 13485 certified gives us the opportunity to survive and expand in the really competitive environment of the medical industry.”

New England BioLabs (NEB), located in Ipswich, MA are currently ISO 9001 and ISO 14001certified.  They have recently successfully completed their ISO 13485 Stage 1 audit, and will have their Stage 2 mid-February.  The NEB scope is “The design, development, production and distribution of molecular biology and related reagents, in both standard and custom formats, for applications in both academic and industrial research.”

John Pelletier, the Director of OEM and Customized Solutions, is looking forward to announcing  states “the enhancement of our Quality Management System towards the ISO 13485 Quality Standard with NQA as our registrar. We view ISO13485 certification as an essential element to serving our customers with the highest level of product quality and service they have come to expect from NEB over the last 37 years.  This more stringent quality standard will also provide a stronger platform by which our various teams collaborate with customers to address market needs from a number of perspectives – including customer satisfaction, product development, regulatory compliance, and risk mitigation – all of which will ensure NEB continues to operate from the strongest position possible in meeting the needs of our existing customer base, and our growing customers in the Molecular Diagnostics arena, for many years to come.

Lance Goodreau, the Director of Quality Management Systems states “New England Biolab’s decision to become ISO 13485 certified is fueled by our long established history and passion for providing our customers with the very best products and service in the Life Sciences Industry.  Our customer base is continuously broadening the spectrum of applications served by our product portfolio.  This currently includes Molecular Diagnostics, or other similar platforms, which may be regulated as medical devices.  By complementing our existing ISO 9001 Certification with ISO 13485 it has helped NEB to appropriately position our Quality System to meet the expectations of all of our customers and their various scientific or commercial applications.  Additionally, it is has enabled us to identify and yield several internal efficiency opportunities that were recognized through the planning and implementation efforts.”

If you’re considering an ISO 13485 registration to improve efficiencies, meet customer requirements or to gain a competitive edge, please contact Kirsten Smith, Director of Business Development, for more information at KSmith@nqa-usa.com or (978) 635-9256 ext. 223.

Lynnda Nelson, President, The International Consortium for Organizational Resilience (ICOR)

What Is PS-Prep Certification?

The Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) is designed to encourage private sector preparedness by assessing whether an organization complies with one or more of the standards adopted by the Department of Homeland Security (DHS). The program is based on established conformance assessment processes widely used in business and industry.

PS-Prep provides the structure and associated information tools to facilitate preparedness and certification. Conformance with one or more of the standards helps foster resilient organizations.
In June 2010, three non-industry specific standards were identified and accepted for compliance to meet the requirements established in Public Law 110-53. DHS defines the standards as a “common set of criteria for preparedness, disaster management, emergency management and business continuity programs.”

Click here to continue reading this article on the Continuity Insights web page.

Interstate Specialty Products Attains Certification for Medical Device Quality Standard ISO 13485:2003Interstate Specialty Products attains the certification ISO 13485:2003 certification that is a standard specific to medical device quality systems that supplements the requirements ISO 9001:2008 standard. Interstate Specialty Products provides precision custom die cutting services and high performance gaskets.

via Interstate Specialty Products Attains Certification for Medical Device Quality Standard ISO 13485:2003.

The food industry is not unfamiliar with risk management. The management of food safety risks is a requirement of legislation in the US, Europe and indeed in most countries of the world.

All participants in the food chain have a duty of care to all who will actively (or by chance); consume finished products of which they might have had an input, at some point, from farm to fork.

The hazards we have to deal with throughout the food chain and the life cycle of food products cannot be managed at singular points of interest in the supply chain only. Modern food safety legislation and consumer expectation place a duty on players in the food chain to ensure food safety competence of their supply chain. The singular most effective methodology for achieving this is by the implementation of a food safety management system (FSMS).

Food Safety Management Systems

An FSMS is a framework that involves policies, procedures, work practices and organizational behavior, among others, that enable an organization to manage a predetermined commitment to food safety. This system will be established on a technical backdrop of legislative compliance and (usually) a HACCP based risk assessment regime.

Because FSMS are set up to provide assurance of effective control of food safety risks, industry practice is to get such a management system certified by an independent third party organization. The certification process will almost always involve an audit where company processes are sampled and checked in depth to provide confidence that the system meets established industry best practice requirements. These requirements are usually set out in food safety management standards (FSMst).

Various FSMst are in place in various parts of the world. These standards could be national, industry interest group focused, private or supranational as the ISO standards represent. ISO standards are developed by the International Organisation for Standardization (ISO), the premier standards setting body in the world. They establish the baseline of best practice for the subject they address. ISO22000 is the ISO’s flagship standard for food safety.

ISO 22000 – Requirements for any organization in the food chain

ISO 22000 is founded on four major elements:

• Interactive communication
• System management
• Prerequisite programs
• HACCP Principles

While many food industry standards are product certification standards, providing a system that is based on managing the product; ISO 22000 like all other ISO standards is based on system process management. This has its foundations in the Total Quality Management philosophy that focuses on ‘the process approach’ to achieve product consistency, quality and safety. In reality however, all industry standards now tend to address both the product and process approach with varying emphasis.

ISO 22000 is the only FSMst that is applicable to ANY organization in the food chain. This includes farming, processing, manufacturing, feed production, retailing and wholesale, distribution, food chain related services, transport and storage, equipment manufacture, biochemical manufacture and the manufacture of packaging materials among others.

FSSC 22000 – An ISO 22000 based standard for food manufacturers

In the year 2010, the Global Food safety initiative, a body of leading manufacturers and retailers that benchmarks food safety standards approved FSSC 22000 through it benchmarking process, making it an alternative certification to the BRC Global Standards for food safety, IFS, SQF and the Dutch HACCP among others. FSSC 22000 in its simplest expression is ISO 22000 + PAS 220 (Publicly Available Specification on prerequisite programs for food manufacturing) + Additional scheme requirements.

This scheme is available only to food manufacturers and has registered over 300 sites worldwide within its first year; as it is a system certification standard it integrates seamlessly with environmental management system (ISO 14001) and quality management system (ISO 9001).

Root Cause Problem Solving: Methods and Tools WebinarTwo eight-hours sessions, Nov. 7–16, 2011, and Nov. 9–18, 2011

via Root Cause Problem Solving: Methods and Tools Webinar | Quality Digest.

The International Aerospace Quality Group (IAQG) deadline for companies to transition from the current revision of the aerospace standard to the newest revision is nearly upon us. What that means is that by July 1st, 2012 every company registered to the AS9100, AS9110 and AS9120 standards must have successfully undergone a transition audit by NQA to the requirements of the newest versions of these standards resulting in the issuance of a new certificate.

By successful, that means that after you have completed the audit, you have responded to any non-conformances with root cause analysis and corrective action, and have verified the effective implementation and closed out that corrective action. From there, NQA personnel will verify that your response to the corrective action is sufficient. At that point, based on your response to the non-conformance, NQA will make a “certificate decision” to grant continued registration and issue a new certificate for the new standard.

Historically, it takes approximately 3 – 4 weeks from the end of an audit for the customer to determine a root cause, implement corrective action, verify the effectiveness of actions taken, forward that information to NQA and for NQA to review all of the associated documentation and objective evidence and make a decision to issue a new certificate or not.

This brings us back to the industry imposed deadline of July 1st 2012. Since it can take up to a month from the last day of an audit to the date on which a new certificate is issued, all organizations that have not transitioned to the newest versions of AS9100, AS9110 or AS9120 must complete their audits by June 1st, 2012. After that date, it cannot be assured that a new certificate can be issued by the July 1st deadline. If a new certificate is not issued by the deadline, in accordance with IAQG rules, a company is no longer considered registered and will have to begin the registration process all over again to include a new Stage I and Stage II audit.

This is all compounded by the fact that there is a shortage of qualified aerospace auditors worldwide. Though NQA employs a significant number of aerospace auditors throughout the country, the additional time required to conduct audits to the new standards combined with our explosive growth over the past 5 years has stretched our auditor resources, making it all the more important that our customers get their transition audits scheduled right away.

The “just around the corner” July 1st deadline and length of time it takes from the end of an audit to the issuance of a new certificate, compounded by the relative shortage of aerospace auditors has created a perfect storm. The best way to weather that storm is to make sure your transition audit to the newest version of the AS9100, AS9110 or AS9120 standard has been scheduled and is to be conducted before June 1st, 2012. You can do this by contacting your Client Support Representative Leslie Palmer at LPalmer@nqa-usa.com

Houston Police Department ISO 9001:2008 Presentation

October 12, 2011 – Houston Mayor Annise Parker and Police Chief Charles A. McClelland Jr. announced today Wednesday, Oct. 12 that two divisions within the Houston Police Department received international recognition for improved quality management standards and a continued commitment to enhance the quality of services provided by the police department.The HPD Property and Emergency Communications Divisions have received the prestigious International Organization for Standardization ISO 9001:2008 certification. HPD is the only law enforcement agency in the United States to receive this certification in two divisions.

ISO is a worldwide set of quality standards established by the Geneva-based International Organization for Standardization. Certification under ISO 9001 indicates soundness of processes and procedures and is considered a prestigious mark of quality. ISO 9001 certification requires the following principles:

• Customer Focus
• Leadership Commitment
• Involvement of Stakeholders (employees)
• Process Approach
• System Approach to Management
• Continual Improvement
• Factual Approach to Decision Making
• Mutually Beneficial Supplier-Customer Relationships

Business Enterprise Mapping Inc. (BEM) guided HPD in the implementation of the quality management system and achieving international standards certification. National Quality Assurance (NQA) will conduct periodic audits to ensure continued conformance to ISO standards.

“HPD’s Property and Emergency Communications Divisions deserve this recognition for the hard work they’ve put in to streamline processes and ensure proper procedures,” said Mayor Parker. “Efficiency has always benefited the City of Houston, and this is no exception. We are saving money by eliminating redundancies and thinking strategically and logically. I’m very proud of HPD for this accolade,” she added.

Chief McClelland said,”We are constantly examining ourselves and looking for efficiencies because our resources are very precious. This certification indicates we are following best practices in the industry and we’re the leaders,” the Chief said. “All the credit goes to the men and women in uniform here today for this significant achievement,” added Chief McClelland.

HPD has determined the ISO quality management system model provides the ideal framework to further the commitment for continual improvement in serving the needs of the community.

Update: JKS/JFC 10-12-11
VHS/JFC 10-5-11
Inc. #128781211

via Two HPD Divisions Receive Prestigious Certification.