e-Newsletter

 
September, 2005

Visit and bookmark our web site today: http://www.WhittingtonAssociates.com

This e-Newsletter is in HTML format and may not be displayed properly by some email programs. Please click on our web site address above to see the e-Newsletter with its proper formatting.
September Articles
 		On-Site Classes

ARTICLES: Click on a title to jump to the article:

1. How to Audit Preventive Action

2. Southeastern Quality Conference

3. Switch to ANAB Marks by YE2005

4. RC14001: Certify Headquarters by YE2005

5. ISO 10005 Guidelines for Quality Plans

6. ISO 22000 for Food Safety Systems

7. Classes: September, 2005 - November, 2005

To see previous articles, go to Newsletter Archives.

To avoid this newsletter being rejected, or placed in a junk folder, please add <Larry@WhittingtonAssociates.com> to your address book or accepted list.


Call us at 1-800-404-7585 for any of these 1-day onsite classes:
  • ISO 9001:2000 Requirements
  • ISO 14001:2004 Requirements
  • ISO/TS 16949:2002 Requirements
  • AS9100:2004 Requirements
  • ISO 9001:2000 Auditor Update - The Process Approach
Click here to see our public class schedule.
 
BOOKS: See recommended ISO 9001, Auditing, and Six Sigma books at:
http://www.whittingtonassociates.com/v2/books.shtml
Atlanta Classes

Enroll and pay for an Atlanta class at least 30 days in advance of the class and receive a 10% discount.
Students at previous Atlanta classes receive a 20% discount on future Atlanta classes.
ISO 17799:2005 - Information Security
ISO 9001:2000 - Quality Systems

ISO 17799 Understanding an Information Security Management System
October 24-25, 2005

BS 7799-2 Information Security Management System Auditor
September 12-16, 2005
November 14-18, 2005

ISO 17799 Information Security Management System Implementation
September 19-23, 2005
December 5-9, 2005


ISO 9001:2000 Lead Auditor
October 17-21, 2005
December 12-16, 2005

ISO 9001:2000 Internal Auditor
September 27-29, 2005
November 29-December 1, 2005

Understanding ISO 9001:2000 Requirements
November 14, 2005

Quality System Documentation
November 15-16, 2005

Implementing ISO 9001:2000
November 17-18, 2005 
ISO 14001:2004 - Environmental Systems
 Six Sigma


Understanding ISO 14001:2004 Requirements
November 7, 2005

Implementing an Environmental Management System
November 8-9, 2005

EMS Internal Auditor
September 10-11, 2005

EMS Lead Auditor
September 26-30, 2005 

Introduction to Statistics
September 14-16, 2005
October 10-12, 2005

Green Belt Certification
September 14-16, 2005
October 10-12, 2005
Black Belt Certification 
Group 18 (3 weeks): November 7-11
+ December 5-9  +  January 16-20

1. How to Audit Preventive Action

The ISO 9001 Auditing Practices Group has 24 papers posted at its section of the ISO web site. This article is an edited version of their paper on Auditing Preventive Action.

There is often confusion on the differences between correction, corrective action, and preventive action. Correction is the action to eliminate a detected nonconformity, e.g., reworking or regrading a product so it becomes conforming. Corrective Action is the action to eliminate the cause of a detected nonconformity to prevent its recurrence.   Preventive Action is the action to eliminate the cause of a potential nonconformity to prevent its occurrence.
 
So, preventive action can be considered as an action taken to prevent a nonconformity from happening. However, if there is no nonconformity to start with, and if the preventive action is effective, the status quo will be maintained. This raises the difficulty of auditing a process for which the desired output is to maintain the status quo.
 
Auditing an organization’s correction and corrective action processes is relatively straightforward, because the results and effectiveness of these processes are usually well defined. If the organization has already identified a nonconformity, it should be simple for an auditor to evaluate the process the organization used (or is planning to use) to correct it, and whether or not this will be effective in avoiding re-occurrence of the nonconformity. However, auditing preventive action processes is usually more complex. 

Auditing Guidance
 
1) ISO 9001:2000 requires the organization to have a documented procedure for preventive action.
 
Combining the documented procedures for corrective action and preventive action into a single document is acceptable, but is not recommended. If they are combined, then it is important for the auditor to verify that the organization clearly understands the difference between the intent of corrective action versus preventive action.
 
2) ISO 9001:2000 requires this documented procedure to include: 

   a) How the organization determines potential nonconformities and their causes.

Typical examples include:

  • Trend analysis for process and product characteristics (output from the data analysis process). A worsening trend might indicate that if no action is taken, a nonconformity could occur.
  • Alarms to provide early warning of approaching "out-of-control" operating conditions.
  • Monitoring of customer perception by formal and informal feedback systems.
  • Analysis of trends in process capability, using statistical techniques.
  • Ongoing failure mode and effects analysis for processes and products (e.g., this is a requirement of ISO/TS 16949 for the automotive industry).
  • Evaluation of nonconformities that have occurred in similar circumstances, but for other products, processes, or other parts of the organization.
  • Through planning activities for both predictable situations (e.g., due to expansion, maintenance, or personnel changes) and for unpredictable situations (e.g. naturally occurring problems such as hurricanes, earthquakes, and floods).
  • ISO 9004:2000 clause 8.5.3, Loss Prevention, provides other examples (this guidance is not mandatory).

   b) An evaluation of the need for preventive action.

    Methods used in the evaluation could include:
  • Risk analysis approaches
  • Failure mode and effects analysis, as mentioned in (a) above.
    Note: Neither of these specific approaches or methodologies are requirements of ISO 9001:2000.

   c) How the organization determines what action is required, and how it is implemented.

    An auditor should look for evidence that:
  • the organization has analyzed the causes of potential nonconformities (use of cause and effect diagrams and other quality tools may be appropriate)
  • the required actions are deployed in all relevant parts of the organization, and in a timely manner
  • there are clear definitions of the responsibilities for the identification, evaluation, implementation, and review of preventive actions

   d) Records of the results of the actions taken

  • What records are kept?
  • Are they appropriate, and are they a true reflection of the results?
  • Are they being controlled in accordance with ISO 9001:2000 clause 4.2.4?

   e) A review of the preventive actions taken

  • Were the actions effective (i.e., was a nonconformity prevented from occurring and were there any additional benefits)?
  • Is there a need to continue with the preventive actions the way they are?
  • Should they be changed, or is it necessary to plan new actions?

3) There is often significant “philosophical” discussions between the auditor and the organization about where corrective action ends, and where preventive action begins. For example, if a nonconformity is detected in process “A”, are actions taken to avoid future nonconformities in processes “B”, “C”, and “D” preventive actions, or simply within the scope of the corrective actions taken for process ”A”? The auditor should avoid being “side-tracked” by these discussions, and concentrate on whether or not the actions were effective. The “labeling” of the actions taken is of secondary importance! 


The I SO 9001 Auditing Practices Group includes a disclaimer with the papers that they have not been subject to an endorsement process by the ISO, ISO/TC 176, or IAF organizations. The group also states that the information is available for educational and communication purposes, and that they do not take responsibility for any errors, omissions, or other liabilities that may arise from the provision or subsequent use of such information.

2. Southeastern Quality Conference

The 25th Annual Southeastern Quality Conference will be held at the Cobb Galleria Centre in Atlanta, Georgia on October 31 - November 1, 2005. The conference is sponsored by the American Society for Quality (Atlanta Section 1502), Institute of Industrial Engineers, and Georgia Tech Economic Development Institute.

Thirty speakers in multiple conference tracks will present quality subjects across a variety of industry sectors. The price is only $275 (if registered before September 19, 2005) and includes lunch both days. See the conference brochure in PDF format at <http://www.asqatlanta.org>.

A partial list of the thirty speakers includes:

  • Larry Whittington - ISO 9001:2000 Document and Record Control: Basic Requirements and Industry Views

  • Larry Wilson - Latest News on ISO 9001 and ISO 9004

  • Carina de Gorostiza Wise - Challenges after ISO 9001:2000 Transition

  • Derek Woodham - Leading the Lean Journey

  • Ed Gardner - The Practitioner's Guide to System Process Inspection

  • Baskar Kotte - Practical Difficulties in Implementing ISO/TS 16949:2002

  • Joe Blount - A Process Approach to Improving Customer Service

  • Sam Frame - 5-Ups: A Systematic Approach to Customer Satisfaction

  • John Merryman - Combining Lean & Six Sigma in Manufacturing

  • Stephen Mayfield - Applications of Lean and Six Sigma in Healthcare

  • Scott Duncan - A "No Excuses" Software Development Methodology

You can see the abstracts for these and other conference sessions at: <http://www.asqatlanta.org>. Please contact Larry Aft at 404-786-1541 or <laft@bellsouth.net> to register for the conference.
3. Switch to ANAB Marks by YE2005

Beginning this year, a single new ANSI-ASQ National Accreditation Board (ANAB) mark replaced the ANSI-RAB NAP mark on accredited certificates, marketing material, stationery, etc. The transition to the ANAB accreditation mark must be completed by the end of this year. This requirement is described in ANAB "Heads Up" - 41:

1. If new material to replace existing material bearing an ANSI-RAB NAP accreditation mark is produced for use on or after January 1, 2005, the new material shall include the ANAB mark instead of the ANSI-RAB NAP mark.

2. Any existing material bearing an ANSI-RAB NAP accreditation mark shall not be used after December 31, 2005, that is, after a one-year transition period.

3. A registered organization may use the ANAB accreditation mark only in conjunction with the EMS or QMS accredited CB’s mark on the organization’s stationery and literature, and in its advertising, subject to the conditions in this advisory and to the CB’s conditions for use of its mark.

4. The ANAB accreditation mark shall be reproduced:
    a. in black or in blue (PMS 2935 or equivalent)
    b. in a size which makes all features of the mark clearly distinguishable.
    c. without distortion of its dimensions.

5. When using the ANAB accreditation mark, its size must not exceed the size of the CB’s mark.

6. An organization may not place the ANAB accreditation mark in isolation from the CB’s mark.

7. An ANAB accreditation mark shall not be used by an ANAB-accredited CB on any document unless the document relates in whole or in part to registration activities of the CB, which are accredited under the ANAB. This would not preclude an ANAB accredited CB from including the accreditation mark on its preprinted letterhead paper.

8. ANAB’s accreditation mark shall not be used on a product or in such a way as to suggest that the CB and/or ANAB have certified or approved any product, process, or service of a registered organization, or in any other misleading manner. If larger boxes, etc., used for transportation includes the mark(s), a statement must be included. This could be a clear statement that “(This product) was manufactured in a plant whose quality/environmental management systems are certified/registered as being in conformity with ISO 9001, AS9100, ISO 14001 (specific standards)”.

To see other Heads Up and Advisories, go to: <http://www.anab.org>.

4. RC14001: Headquarters Certified by YE2005

Since 1988, the U.S. chemical industry, through the American Chemistry Council, has implemented Responsible Care, a voluntary program to achieve improvements in environmental, health, and safety performance beyond the levels required by the U.S. government. The program has resulted in:
  • significant reductions in releases to air, land, and water; 
  • major improvements in workplace and community safety; and
  • expanded programs to research and test chemicals for potential health and environmental impacts.
The Responsible Care Management System provides a structured framework to help companies assess their needs, set specific performance goals, and share their progress with the public. A key component of the management system is mandatory certification by independent, accredited auditing firms.
 
Every Responsible Care company is required to certify that a management system has been put in place and must demonstrate progress toward improved performance. To obtain certification, companies undergo headquarters and facility audits conducted by independent, accredited auditing firms.

Companies may choose from two certification options:

(1) RCMS certification, which verifies that a company has implemented the Responsible Care Management System; or
(2) RC14001 certification, which combines RCMS and ISO 14001 into a single, more cost-effective process.

All Responsible Care companies are required to have completed headquarters certification by December 31, 2005, and initial facility certification by December 31, 2007. Thereafter, certification will be renewed every three years. A new cycle of certification audits will begin in 2008.

A combined certification audit option (Headquarters and Facility Combined Audit) is available only to small companies with headquarters and facilities that are "co-located" or that have headquarters with "minimal" Responsible Care activities. This audit option must be completed by December 31, 2006.

The Responsible Care 14001 Management System Technical Specification aligns Responsible Care Codes of Management Practices elements with those from ISO 14001, helping companies to better understand what is needed to meet the requirements of both standards.

RC14001:2005 was issued this year to incorporate the changes in ISO 14001:2004. In addition, RC14001:2005 added new security requirements. The EMS has expanded to become an "Environmental, Health, Safety, and Security" Management System. Responsible Care organizations must now perform security vulnerability assessments to consider the intentional or willful impact to the environment, health, or safety.   

To order single user copies (Product ID# 610474D), call ACC's Store at 301-617-7824 or order online under Software-Responsible Care. For multi-user or multi-site copies, call ACC's Publications Manager at 703-486-2992.

The Responsible Care 14001 Management System Technical Specification (RC14001) also readily permits accredited registrars to evaluate a company’s system against both sets of requirements in a single audit process, issuing a special Responsible Care ISO 14001 certificate. For more information, go to the ACC web site at <http://www.americanchemistry.com> and the RC web site at: <http://www.responsiblecare-us.com>.
5. ISO 10005 Guidelines for Quality Plans

ISO 10005:2005 provides guidelines for the development, review, acceptance, application, and revision of quality plans. It is applicable whether or not the organization has a management system in conformity with ISO 9001.

ISO 10005:2005 applies to quality plans for a process, product, project, or contract, as well as, any product category (hardware, software, processed materials and services) and any industry. It is focused primarily on product realization and is not a guide to organizational quality management system planning.

You can order an e-Standard version of ISO 10005:2005 at the ANSI web site by clicking here. The price is $81.00.

6. ISO 22000 for Food Safety Systems

ISO 22000:2005, "Food safety management systems – Requirements for any organization in the food chain", is intended to allow all types of organizations within the food chain to implement a food safety management system. These organizations range from feed producers, primary producers, food manufacturers, transport and storage operators and subcontractors to retail and food service outlets, as well as, related organizations such as producers of equipment, packaging material, cleaning agents, additives, and ingredients.

This new standard has become necessary because of the significant increase of illnesses caused by infected food in both developed and developing countries. In addition to the health hazards, food-borne illnesses can give rise to considerable economic costs covering medical treatment, absence from work, insurance payments, and legal compensation.

Developed with the participation of food safety experts, ISO 22000 incorporates the principles of HACCP (Hazard Analysis and critical Control Point) system for food hygiene. Food safety management systems that conform to ISO 22000 can be certified although the standard can be implemented without certification of conformity, solely for its benefits.

While ISO 22000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and companies already certified to ISO 9001 will find it easy to extend this certification to ISO 22000. To help users, ISO 22000 includes a table showing the correspondence of its requirements with those of ISO 9001:2000.

ISO 22000:2005 is the first in a family of standards that will include:
  • ISO/TS 22004, Food safety management systems – Guidance on the application of ISO 22000:2005, which will be published by November 2005, provides important guidance that can assist organizations, including small and medium-sized enterprises, around the world.
  • ISO/TS 22003, Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems, will give harmonized guidance for the accreditation of ISO 22000 certification bodies and define the rules for auditing a food safety management system as conforming to the standard. It will be published in the first quarter of 2006.
  • ISO 22005, Traceability in the feed and food chain – General principles and guidance for system design and development, will shortly be circulated as a Draft International Standard. ISO is also preparing an easy-to-use checklist for small businesses and developing countries, titled ISO 22000: Are you ready?

7. Class Schedule:
September, 2005 - November, 2005

To enroll in these public classes, you can click on the course title, go to Class Schedule at our web site, or call us at 800-404-7585.

Classes taught by Larry Whittington are shown in yellow.

ISO 9001:2000 Lead Auditor (RABQSA Certified) - BSI Management Systems
Initial course version developed by Larry Whittington 
September October November
12-16  Chicago, IL 03-07  Reston, VA
 07-11  Detroit, MI
19-23  Pittsburgh, PA 17-21  Atlanta, GA
 14-18  Roanoke, VA
26-30  Phoenix, AZ 17-21  Houston, TX
 14-18  San Jose, CA
  - -
 24-28  San Diego, CA
 28-02  Reston, VA
  - -
 31-04  Orlando, FL
   - -

ISO 9001:2000 Internal Auditor (RABQSA Certified) - BSI Management Systems
Initial course version developed by an Associate at Whittington & Associates
September October November
27-29  Atlanta, GA 11-13  Roanoke, VA
 01-03  San Diego, CA
27-29  Memphis, TN 18-20  Reston, VA
 15-17  Chicago, IL
  - -
   - -
 29-01  Atlanta, GA
 
 Implementing ISO 9001:2000
Course developed by Larry Whittington
September October November
20-21  Reston, VA 25-26  Reston, VA
 17-18  Atlanta, GA
  - -
   - -
 29-30  San Diego, CA

Understanding ISO 9001:2000
September October November
19  Reston, VA 24  Reston, VA
 28  San Diego, CA

Understanding ISO 9001:2000 Requirements (Atlanta Only - $295)
Course developed by Larry Whittington
November
15-16  Atlanta, GA
 
Quality System Documentation (ISO 9001:2000)
Course developed by Larry Whittington
September October November
22-23  Reston, VA 27-28  Reston, VA
 15-16  Atlanta, GA

The above public courses can be offered on-site at your facility. In addition, we offer these on-site courses:

  • ISO 9001:2000 Auditor Update - The Process Approach (1 Day) - Course developed by Larry Whittington
  • Understanding ISO/TS 16949:2002 Requirements (1 Day) - Course developed by Larry Whittington
  • Internal Quality Auditing (2 Days) - Course developed by Larry Whittington (based on ISO 19011)
  • AS9100B: Requirements Beyond ISO 9001:2000  (1 Day) - Course developed by Larry Whittington
To arrange an economical on-site class, please call us at 800-404-7585.  

© 2000-2005 Whittington & Associates, LLC. All rights reserved.
You may copy this e-Newsletter provided you copy it completely, do not change it, and include this copyright notice.
-top-

Copyright © 2000 - 2007  Whittington & Associates, LLC.
All Rights Reserved.
242 Highlands Drive, Woodstock, GA 30188
770-517-7944 or fax 770-517-7945
Site by Frogtown Media Web Design

 
Whittington & Associates provides training, consulting and auditing services for quality systems based on
ISO 9001, ISO/TS16949, TL9000, AS9100, ISO 13485, as well as, ISO 27001, ISO 20000, ISO 22000, and ISO 14001.
Send this page to a friend