 |
Whittington Newsletter |
 |
| QMS, EMS, Information Security, and Six Sigma |
October 2006 |
|
|
Greetings!
Welcome to the Whittington & Associates e-Newsletter! Visit and bookmark our web site.
Our newsletters provide guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, and related ISO standards, as well as, Six Sigma.
If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.
|
|
Using PDCA for Process Auditing |
|
Are you confused about process auditing? Well, let’s begin with the definition of a process: a set of interrelated or interacting activities which transform inputs into outputs.
So, a process audit is an objective evaluation of a process to determine the extent to which the process is meeting its requirements. Using the process definition, the process audit includes an examination of process inputs, activities, and outputs.
However, a process is part of a larger set of processes that make up an overall quality management system. Therefore, a process audit must also consider the linkage and interaction of the process with these other processes.
A process diagram, sometimes referred to as a turtle diagram (see diagram above), helps illustrate the process elements to be audited.
1. INPUTS: (What Received, When, and from Who)
2. OUTPUTS: (What Delivered, When, and to Who)
3. WHAT - Resources: (Equipment, Tools, and Software)
4. WHO - Resources: (People, Skills, and Experience)
5. METHODS: (Procedures, Instructions, and Controls)
6. MEASURES: (Performance Results and Objectives)
The Plan-Do-Check-Act (PDCA) methodology can be applied to any process.
Plan: Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization's policies.
Do: Implement the processes.
Check: Monitor and measure processes and product against policies, objectives, and requirements for the product and report the results.
Act: Take actions to continually improve process performance.
Remembering PDCA can help you ask process-oriented audit questions:
Plan: How do you know what to do?
Do: How do you do it?
Check: How do you know it is right?
Act: What do you do if it is not right?
Likewise, PDCA can help you identify evidence:
Plan: procedures, instructions, flowcharts
Do: observations, explanations, records
Check: standards, specifications, targets
Act: accept, reject, adjust, rework, repair
For more information on process auditing, see the collection of Auditing Books at our web site.
|
|
ISO Survey of Certifications |
|
The recently published "ISO Survey of Certifications – 2005" sheds light on the roles played in globalization by ISO’s standards for quality and environmental management systems. Here is a selection of the main findings.
Global Trade: ISO 9001 is now firmly established as the globally accepted standard for providing assurance about the quality of goods and services in supplier-customer relations. At least 776,608 ISO 9001:2000 certificates had been issued by YE2005 in 161 countries and economies, an increase of 18 % over 2004, when the total was 660,132 in 154 countries and economies.
Sustainable Business: Similarly, ISO 14001 confirms its global relevance for organizations wishing to operate in an environmentally sustainable manner. By YE2005, at least 111,162 ISO 14001 certificates (1996 and 2004 versions consolidated) had been issued in 138 countries and economies, an increase of 24 % over 2004, when the total was 89,937 in 127 countries and economies.
Unifying Base: The status of ISO 9001:2000 as a unifying base for the quality requirements of specific sectors, and its use to qualify suppliers in global supply chains, is illustrated by the growth of ISO/TS 16949:2002 certification in the automotive sector. By YE2005, at least 17,047 ISO/TS 16949:2002 certificates had been issued in 80 countries and economies, an increase of 70 % over 2004 when the total was 10,019 certificates in 62 countries and economies.
Technical Support for Regulation: The use of ISO 9001:2000 as technical support in regulated areas is illustrated by the growth of certification to ISO 13485:2003 in the medical device industry. By YE2005, at least 5,065 ISO 13485:2003 certificates had been issued in 67 countries and economies, an increase of 111 % over 2004 when the total was 2,403 in 55 countries and economies.
Rise of Services: The rising importance of services in the global economy is borne out by the survey – nearly 33 % of ISO 9001:2000 certificates, and 31 % of ISO 14001 certificates, in 2005 went to organizations in the service sectors. The latter statistic also illustrates that good environmental management is not just for “smoke stack” industries – and that service providers are accepting their social responsibilities in this area.
Top Ten Countries
ISO 9001:2000:
1. China = 143,823
2. Italy = 98,028
3. Japan = 53,771
4. Spain = 47,445
5. United Kingdom = 45,612
6. USA = 44,270
7. Germany = 39,816
8. India = 24,660
9. France = 24,441
10. Australia = 16,922
ISO 14001:2004 (and 1996):
1. Japan = 23,466
2. China = 12,683
3. Spain = 8,620
4. Italy = 7,080
5. United Kingdom = 6,055
6. USA = 5,061
7. Korea = 4,955
8. Germany = 4,440
9. Sweden = 3,682
10. France = 3,289
ISO/TS 16949:2002:
1. USA = 3,693
2. China = 2,151
3. Germany = 2,115
4. India = 954
5. France = 854
6. Korea = 834
7. Spain = 726
8. Mexico = 495
9. Brazil = 480
10. United Kingdom = 476
ISO 13485:2003:
1. USA = 1,310
2. United Kingdom = 973
3. Germany = 824
4. Switzerland = 367
5. Japan = 211
6. France = 153
7. Canada = 146
8. Pakistan = 114
9. Israel = 107
10. Sweden = 85
The abridged findings of the 2005 survey, which is now in its 13th year, are provided free of charge in this ISO Survey of Certifications PDF file.
|
|
Octopus Diagram for Customer Focus |
|
In an earlier article, we described the Turtle Diagram for capturing information about a process. With the turtle’s head and tail representing the inputs and outputs, and its legs addressing the methods, resources (what and who), and measures, the diagram reminds us of the key factors to consider when defining or auditing a process.
Regardless of the tools used, an organization should ensure a process owner exists and that the process is defined, documented (if necessary), and monitored. In addition, the process linkages must be established and process records maintained.
Of all the processes within a quality management system, the customer oriented ones, with direct customer interfaces, are perhaps the most important. To satisfy our customers at these contact points will require the behind-the-scenes processes to be achieving their quality objectives.
The linkage of customer oriented processes to the rest of the system can be viewed as forming an octopus diagram. Each tentacle represents inputs from the customer to the organization and the resultant direct outputs from the organization to the customer.
Although an octopus has eight tentacles, the octopus diagram should represent the actual customer oriented processes, whether fewer or more in number. For examples of customer oriented processes, see the list below:
- Market Analysis
- Proposals/Bids
- Order Entry
- Product Design
- Product Validation
- Shipping/Delivery
- Invoicing/Payment
- Warranty/Service
- Customer Feedback
By giving special attention to our customer oriented processes, we are taking steps to ensure we meet customer requirements, and as a result, hopefully satisfy our customers.
|
|
OPM3 Assessors and Consultants |
|
Organizational project management is the systematic management of projects, programs, and portfolios to achieve an organization’s strategic goals. It focuses on the clear correlation between an organization’s management capabilities and its effective implementation of strategy, which directly impacts financial results.
Successful organizational project management can be a decisive strategic advantage in a competitive economy. The degree to which an organization practices this type of project management is referred to as its organizational project management maturity.
What is OPM3?
Just as individuals benefit from achieving personal maturity, organizations can benefit from achieving organizational project management maturity. Developed under the stewardship of the Project Management Institute (PMI), OPM3 is an acronym for the Organizational Project Management Maturity Model. It is a standard unlike any currently available tool or model, and is delivered through a convenient online database accompanied by a book.
OPM3 provides:
• Knowledge about organizational project management, organizational project management maturity, and what constitutes Best Practices in organizational project management;
• The ability to perform an Assessment of the current state of organizational project management maturity; and
• Assistance to organizations who wish to identify and embark on a path for Improvement and that increases its project management maturity
It is through these three interlocking elements—Knowledge, Assessment, and Improvement—that OPM3 can enable an organization to improve its ability to achieve its strategic goals. For an executive overview of OPM3, go to the PMI Web Site.
OPM3 Certification Program
PMI and Det Norske Veritas (DNV) have launched an OPM3 ProductSuite Certification Program. The Program is accepting individuals that have consulting experience, have conducted assessments, and are able to pass an entrance exam covering various aspects of the OPM3 Standard.
The OPM3 ProductSuite is offered by DNV on PMI’s behalf, and consists of three basic elements — certifications, tools, and services — with DNV serving as the exclusive provider of Certified OPM3 Assessor and Consultant training, testing, certification, and registration services.
The Certified OPM3 Assessors and Consultants will deliver OPM3 Assessment and Improvement Services to organizations interested in measuring their level of project management and using this information as a basis for improvement. The program includes an entrance assessment, case-based training, license to proprietary software tools, and most importantly – certification credentials.
The names of the resulting PMI OPM3 Certified Assessors and Consultants can be added to the official PMI Registry so companies in need of assessment services will be able to easily locate OPM3 Certified individuals. For more information about the selection process, experience requirements, or program dates and locations, go to the OPM3 ProductSuite Web Site.
|
|
ISO 14764 for Software Maintenance |
|
ISO 14764:2006, Software Engineering - Software Life Cycle Processes - Maintenance, describes in greater detail management of the software maintenance process addressed in ISO 12207.
ISO 14764 provides guidance that applies to planning, execution and control, review and evaluation, and closure of the software maintenance process. The scope of the standard includes maintenance for multiple software products with the same maintenance resources.
ISO 14764 provides the framework within which generic and specific software maintenance plans may be executed, evaluated, and tailored (to the maintenance scope and magnitude of given software products). It provides the framework, precise terminology, and processes to allow the consistent application of technology (tools, techniques, and methods) to software maintenance.
ISO 14764 defines the activities and tasks of software maintenance, and provides maintenance planning requirements. It does not address the operation of software and operational functions, e.g., backup, recovery, and system administration, which are normally performed by those who operate the software.
The standard was written primarily for maintainers of software and additionally for those responsible for development and quality assurance. It may also be used by acquirers and users of systems containing software (who provide inputs to the maintenance plan).
ISO 14764:2006 should soon be available for download at the ANSI e-Standards Store.
|
|
How to Audit the Provision of Resources |
|
You’ve been asked to audit an organization against the requirements of ISO 9001:2000, clause 6.1, Provision of Resources. Where do you begin?
First, understand a “resource” is a source of supply, support, or aid that can be readily drawn upon when needed. Using this definition, the resources needed for a quality management system may include equipment, facilities, people, supporting services, work environment, suppliers, information, natural resources, and finances.
Next, identify the audit criteria (requirements) stated in ISO 9001:2000, clause 6.1:
The organization must determine and provide the resources necessary to:
- Implement and maintain the quality management system
- Continually improve the effectiveness of the system
- Enhance customer satisfaction by meeting customer requirements
Then, interview the managers responsible for the area to see how resources are being identified, planned, made available, used, monitored, and changed. However, don’t audit “resources” in isolation. Verify that managers are evaluating process performance to determine the needed resources.
After asking questions about resource planning and budgeting, interview employees to see if the allocated resources are sufficient to meet customer requirements and continually improve the results of the system.
But, be careful not to get caught in the middle of an ongoing resource dispute. An employee may state that some work was not completed as planned due to the lack of resources. While that may be true, you should write up the resulting nonconformity, not the possible resource issue.
The corrective action will require the organization to identify the root cause of the problem. If the nonconformity was caused by a lack of resources, then the plan will be changed to fit the resources, or more resources will applied.
Make sure you don’t make subjective judgments on the adequacy of the resources. Limit your role to judging the effectiveness (results) of the resources.
|
|
Class Schedule |
|
| Quick Links... |
|
|
|
 |
 |
|
