|
Greetings!
Welcome to the Whittington & Associates e-Newsletter! Visit and bookmark our web site.
Our newsletters provide guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, ISO 22000, and related ISO standards, as well as, Six Sigma.
If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.
|
|
Top Management Role |
 |
The word “management” comes from the Latin manu agere, "to lead by the hand".
According to ISO 9000:2005, 3.2.7, Top Management is defined as the, "person or group of people who directs and controls an organization at the highest level."
Top management, through their leadership and personal involvement, can create an environment to fully involve people and effectively operate a quality management system. They can demonstrate their commitment through the following actions:
1. Learn
Determine your customer needs and expectations. Understand the ISO 9001 requirements, especially those that relate to management responsibilities.
2. Imagine
Envision the quality policy and objectives needed to meet requirements and achieve your vision.
3. Plan
Identify a management owner for each process. Formulate your strategy to achieve quality objectives and then manage change along the way. Adopt the “process approach” to ensure the system processes are working well together.
4. Share
Promote the policy and objectives throughout the organization. Communicate your direction and values regarding quality. Make relevant information available.
5. Train
Ensure the necessary competence is available for effective and efficient operation of the system.
6. Manage
Direct and control the organization to meet its objectives. Use the Management Review meetings to review data and make decisions.
7. Lead
Lead the organization by personal example to establish unity of purpose and develop employee trust. And, be a role model for ethical behavior.
8. Support
Create an environment that encourages the involvement of people. Provide the necessary resources and supporting services.
9. Delegate
Define responsibilities. Make assignments. Provide resources and authority. Hold people accountable.
10. Participate
Be actively involved in implementing and maintaining the system. Send a clear signal on its importance.
11. Observe
Leave the office and see the work being performed. Find out about possible obstacles and frustrations.
12. Listen
Listen carefully to your customers and act on their feedback. Be willing to hear internal concerns and understand performance issues. Generate rapport with employees.
13. Promote
Raise the awareness level. Encourage involvement. Set a positive tone. Expect results. Be patient.
14. Measure
Request performance data on processes and products. Keep score of conformity and effectiveness.
15. Analyze
Look at measurement data for trends and patterns. Examine the results of internal audits. Request changes for improved performance.
16. Review
Examine status and performance of the system on a regular schedule. Seek improvement ideas.
17. Act
Make informed decisions based on facts. Avoid paralysis by analysis. Follow up on assignments. Support the corrective and preventive action process.
18. Improve
Establish continual improvement as a permanent objective. Monitor gains and set higher targets.
In other words, perform the basic management duties of directing, controlling, and improving the organization.
To request an on-site class for your managers, click here. We can tailor a course to meet your needs.
|
|
Draft ISO 9001:2009 Clause 4 Changes |
|
In my last newsletter, I gave you the link to access a copy of the draft ISO 9001:2009 standard. Many of the suggested changes are just word changes for improved clarity of the requirements.
For example, under 4.1 General Requirements, sub-clause (a), the word “Identify” has been replaced with “Determine”:
4.1 General Requirements
a) Identify Determine the processes needed for the quality management system and their application throughout the organization (see 1.2),
Although similar, the words “Identify” and “Determine” have slightly different meanings. To identify is to recognize or establish something as being a particular thing. To determine is to apply reason and reach a conclusive decision. Therefore, to determine the processes implies more analysis and judgment than merely identifying them.
Later in clause 4.1 regarding outsourcing, the word “identified” has been replaced with “defined”.
The controls to be applied to these Control of such outsourced processes shall be identified defined within the quality management system.
Defined controls means clearly specified controls. And, the additional text indicates the defined controls are to be applied, not just identified.
Finally, a new Note under clause 4.1 states,
NOTE 2: The requirements of Clause 7.4 of this international standard may also apply to outsourced processes.
Outsourcing a process to another organization typically involves the purchase of those services. As a result, the requirements of clause 7.4, including the controls mentioned in 7.4.1, apply to the supplier selected to perform the outsourced process.
4.2 Documentation Requirements
4.2.1 General
The requirement changes in 4.2.1 are basically just a restructuring of the sub-clauses c), d), and e).
c) documented procedures and records required by this International Standard, and
d) documents, including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes, and
e) records required by this International Standard (see 4.2.4).
You can see that adding “records” to sub-clause c) allowed sub-clause e) to be dropped. Sub-clause d) has been expanded to include the necessary records.
The first Note for clause 4.2.1 has added two more sentences:
A single document may include the requirements for one or more procedures.
A requirement for a documented procedure may be covered by more than one document.
An example for the first sentence would be satisfying the requirements for documented procedures in 8.5.2, Corrective Action, and 8.5.3, Preventive Action, by one combined Corrective and Preventive Action procedure. An example for the second sentence would be splitting the required procedure for the Control of Documents into two separate documented procedures.
4.2.2 Quality Manual
The draft ISO 9001:2009 standard kept the quality manual requirements the same.
4.2.3 Control of Documents
The first sentence of the draft standard still states that documents required by the quality management system are to be controlled. The only suggested change to clause 4.2.3 is shown below:
f) to ensure that documents of external origin necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
The change in sub-clause (f) clarifies that not all external documents have to be identified and controlled; only those necessary for the planning and operation of the quality management system.
4.2.4 Control of Records
The opening sentence for clause 4.2.4 has expanded from records being “maintained” to having them “controlled”. Maintaining the records would be to simply keep them in good condition. Controlling the records means to regulate their use.
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.
Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records.
Records shall remain legible, readily identifiable, and retrievable.
The requirement for a documented Record Control procedure was rewritten as shown above, but the content is basically the same. And, you can see that records must still remain legible, readily identifiable, and retrievable. This text was just moved to the end of clause 4.2.4.
So, the changes to clause 4 in the draft ISO 9001 are primarily clarifications for improved understanding of the existing requirements. No reason for alarm.
|
|
Doors (Evidence) and Locks (Requirements) |
|
In our auditing classes, I discuss the "scales of conformity". On one scale are the applicable requirements for the area being audited. The other scale contains the different types of evidence. The auditor's job is to compare the evidence to the requirements to determine if the audit criteria are being met or not.
To help the students remember the types of evidence and the different categories of requirements, I devised two acronyms: DOoRS and LOCkS.
DOoRS represents forms of evidence:
D = Documents
O = Observations
R = Records
S = Statements
LOCkS represents types of requirements:
L = Legal
O = Organization
C = Customer
S = Standard
I hope these acronyms will help you consider all the applicable requirements and forms of evidence when assessing conformity.
|
|
Tax Deduction for ISO 9001 |
|
The Internal Revenue Service issued a ruling in 2000 that allows businesses to take a tax deduction for the costs of implementing and maintaining ISO 9001 registration. Several organizations had petitioned the IRS to permit firms to deduct ISO 9001-related costs in a single year instead of spreading the expenses over several years.
The IRS ruling stated, "Although ISO 9000 is voluntary, it increasingly is a contractual requirement for doing business with many organizations, both public and private, worldwide." A prior unofficial IRS position paper had concluded all ISO 9000 costs had to be capitalized over a three year period.
The costs of ISO 9001 are now viewed as satisfying the conditions for applying section 162 of the Income Tax Regulations: it is an expense, ordinary, necessary, paid or incurred during the tax year, and made to carry out a trade or business. The ruling that ISO 9001 registration is necessary was, in part, responsible for this policy change. "ISO 9000 certification does not itself result in the creation of an asset having a useful life substantially beyond the taxable year," according to the IRS ruling.
For more information, see: Internal Revenue Bulletin 2000–4. It states, “Cost incurred by a taxpayer to obtain, maintain, and renew ISO 9000 certification are deductible as ordinary and necessary business expenses under section 162 of the Code, except to the extent they result in the creation or acquisition of an asset having a useful life substantially beyond the taxable year (e.g., a quality manual).”
In addition, see: Internal Revenue Bulletin 2004-7. It states in Example 4 for business process certification, “Z corporation, a manufacturer, seeks to obtain a certification that its quality control standards meet a series of international standards known as ISO 9000. Z pays $50,000 to an independent registrar to obtain a certification from the registrar that Z's quality management system conforms to the ISO 9000 standard. Z's payment is an amount paid to obtain a certification of Z's business processes and is not required to be capitalized under this paragraph (d)(4).”
|
|
Lifecycle Approach to Software Quality |
|
Researchers from Carnegie Mellon University estimate that programmers make between 100 and 150 errors per 1,000 lines of code. And according to the National Institute of Technology, only 70% of all application errors are found in the QA process, leaving the other 30% to be discovered by beta or pilot users. So, perhaps it's not surprising that, according to Gartner, 40% of unplanned downtime is caused by application errors, which cost businesses an average of $100K per hour.
The impact of application errors is felt by many organizations before the applications are released to production. In its 2004 CHAOS Report, The Standish Group reported that only 29% of all application development projects succeed (delivered on time, on budget, with required features and functions); 53% are challenged (late, over budget, and/or with less than the required features and functions); and a remarkable 18% are considered failed (canceled prior to completion or delivered and never used).
Missed deployment and delivery dates, budget overruns, failure to comply with industry regulations, interrupted work flows, and frustrated customers are the natural byproducts of application flaws. The current approach to resolving application problems and ensuring software quality is simply not getting the job done.
In many organizations, problem resolution remains a cumbersome, manual, error-prone process that extends QA/testing cycles, causes delays in application releases, and is one of the largest culprits for releasing software without its required functions and features.
However, these negative results can be prevented with an effective problem resolution process that leverages best practices, along with new problem resolution technologies, to enhance collaboration between the QA/Testing team – where the problems are found – and the Development team – where the problems are fixed – for significant business gain. In other words, companies need to take a lifecycle approach to ensuring quality.
A white paper at the WebBuyersGuide outlines a holistic approach to optimizing software quality across the application lifecycle. Several case study examples are included to demonstrate how innovative companies have leveraged problem resolution technologies to reduce development and testing costs significantly, and promote quality throughout the application lifecycle.
|
|
Class Schedule |
|
| Quick Links... |
|
|
