Welcome to the Whittington & Associates
e-Newsletter!
Visit and bookmark our web
site.
Our newsletters provide guidance on ISO 9001,
AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO
14001,
ISO 27001, ISO 20000, and related ISO
standards, as well as, Six Sigma.
If you have any questions about the articles
appearing in this issue, or you want to suggest
topics for future issues, please let us
know.
Audit Conference: October 15-16, 2009
The ASQ Audit Division will hold its 18th
Annual Audit Conference on October 15-16,
2009. There are 45 conference sessions
planned across the two days. See the
tentative presentation and speaker list
below. Larry Whittington will be speaking on
"Get Tough on Corrective Actions" at 9:30 AM on
the first day of the conference.
The conference will held at the Hilton Tucson
El Conquisador Golf & Tennis Resort, 10000
North Oracle Road, Tucson, AZ 85704.
Comforting the Auditee
- Kim Meissen Revolution of an Audit Program
- Julie Curtis Get Tough on Corrective Actions
- Larry Whittington ISO 13485 - Auditing in the Medical Device
World
- Dan Whelan CQM Certification Exam Update
- Pete Hunter
10:45 AM - 11:45 AM
How to Use Statistical Work and Word
Sampling in Auditing
- Chris Youker Take Action & Experience and Learn and
Learn Again
- Naomi Whitehead Appreciative Internal Audits: A
Strength-based Approach to Auditing
- Jon Morris The Challenges of Auditing in Foreign
Countries
- Lori Lyle ESA: Lessons Learned During Design &
Construction
- Sandor Juhasz
1:45 PM - 2:45 PM
Preventing Problems - or Why ISO 9001 is
Poorly Written
- Dave Bennett Using Audits to Leverage Process
Improvements
- Mike Zimmerman Auditing Outside the Box: Thoughts on
Improving the Audit Function
- Duke Okes Women in Quality - Part 1 Construction Quality Manager Certification
Body of Knowledge -
Part 1
3:00 PM - 4:00 PM
Conducting On-Line Audits
- Shauna Wilson Manage Your Organization by Processes, Not
Procedures
- Denis Devos Increasing the Scope of Quality Audit
Management
- Carl McCauley Women in Quality - Part 2 Construction Quality Manager Certification
Body of Knowledge -
Part 2
4:15 PM - 5:15 PM
ACTION
- Jennifer Burgett Auditing Software Vendors
- Joe Knight-McKenna Using Audits to Sustain the Gain from Lean
Events
- Kelley Molavi Pharma CSI
- Stephanie Peika Construction QA Auditing
- Ray Crawford
Friday, October 16, 2009
9:30 AM - 10:30 AM
E-Audits - Looking to the Future
- J.P. Russell Leadership's Active Role in Continual
Improvement - Part 1
- Mike Micklewright How to Move Audits from Perfunctory to
Performance Enhancing
- Andy Hofmann The Happiest Results on Earth
- Bret Pfost Innovative Quality Auditing on
Design-Build Projects - Part 1
- Danny Kahler
10:45 AM - 11:45 AM
Corrective / Preventive Action System
Requirements
- Doug Older Leadership's Active Role in Continual
Improvement - Part 2
- Mike Micklewright Odds are Against Auditing
- Stephen Walfish Auditing Biomedical Assays
- Doug Avery Innovative Quality Auditing on
Design-Build Projects - Part 2
- Danny Kahler
1:45 PM - 2:45 PM
Use of Innovative Techniques to Achieve
Effective Audit Results
- Clyde Hedin Integrated Management Systems - Getting
Started
- Jim Heaviland Auditing Challenges
- Zardiff Chaudhury Journalists Interviewing Secrets: What
Every Auditor Should Know
- Natalia Scriabina & Romayne Smith Fullerton The Cost of Quality in Construction - Part
1
- John Mascaro
3:00 PM - 4:00 PM
Writing Meaningful Audit Findings
- Richard Kish Integrating Multiple Standards - Building
Competence
- Mary McDonald Integrating Audit Results into the QMS
- Richard Vincins Auditing under HIPPA Constraints
- Bill Hackett The Cost of Quality in Construction - Part
2
- John Mascaro
Many of you have been students in my classes
or communicated with me over the years on
quality and auditing topics. I invite you to
connect with me on LinkedIn by going to:
http://www.linkedin.com/in/larrywhittington
Medical Devices
In addition to our public and on-site ISO
13485 courses, we can now assist medical
device companies in bringing their products
to market. Our engineers can conduct risk
assessments, perform mechanical test design
and execution, trouble-shoot products, and
help implement quality management systems.
Risk Assessment
Why do a risk assessment on your medical
device? Because it is a legal requirement of
GMP 21 CFR Section 820, and reduces liability
by finding flaws. The risk assessment should
be the basis of both clinical and
non-clinical testing. And, it is the right
thing to do for the patient.
Mechanical Test Design and
Execution
A regulatory submission may require a series
of non-clinical tests. Factors such as
strength, fatigue, wear, and failure are
common characteristics that need to be
determined for new products. The design of
these tests is often straight-forward, but in
some cases, a new device brings new testing
challenges. Our engineers have extensive
experience in bench-top and animal testing
experiments. Doing the right testing the
first time saves time and money.
Product Design and Evaluation
Part of designing a safe and effective
medical device is trouble-shooting either
design or product issues when a device is not
functioning as needed. Our evaluations have
helped medical device companies improve their
design before and after a product has gone
through the regulatory track. With our team
of engineering experts, and the added benefit
of being unbiased external examiners, we
often see improvements and modifications that
are not obvious to vested team members who
have always been part of the design group.
Having a "new set of eyes" on a design
problem can lead to significant enhancements
in the product's performance, as well as,
reduce risks for the current device.
Quality Management System Before your company can start manufacturing a
medical device, you must have a quality
system in place. Our engineers have designed
and implemented tailored quality systems for
medical device companies that meet the
specific needs of the client. We know quality
systems can be cumbersome if not done right,
so we work with your needs to make you
compliant without burdening your organization
with unnecessary paperwork.
We have extensive experience with
implementing 21 CFR Part 820, GLP, ISO 13485,
ISO 14971, MDD, and CMDCAS. Our engineers
also have experience performing regulatory
audits of vendors and gap analysis of quality
systems for start-up medical device
companies.
To inquire about our medical device services,
send an email to
(Larry@WhittingtonAssociates.com).
To enroll
in one of our ISO 13485 classes, click on a
course description below.
We can also teach these ISO 13485 courses
on-site at your facility for a fixed class
fee instead of a per student fee.
Auditing Legal Requirements
Part of planning an internal audit is
determining the audit criteria, in other
words, the policies, procedures, and
requirements used as the reference for
comparing audit evidence.
Primary Requirement Types
The four primary types of requirements can be
grouped as:
1. Legal, as defined in statutes and
regulations
2. Organization, as found in policies and
procedures
3. Customer, as expressed in orders and
contracts
4. Standard, such as ISO 9001:2008
The requirement types can be remembered using
the term LOCS: Legal, Organization, Customer,
and Standard . The evidence categories
can be
recalled by the term DORS: Documents, Observations, Records, and Statements.
Unfortunately, legal requirements are often
ignored during internal audits. And, that
omission would be viewed as a nonconformity.
ISO 9001 on Legal Requirements
ISO 9001:2008, clause 7.2.1.c, states that
organizations must determine the statutory
and regulatory requirements for their
products and services. And, clause 7.3.2.b
requires that Design Inputs include the
applicable
statutory and regulatory requirements.
According to clause 5.1.a, top management
must communicate the importance of meeting
customer, as well as, statutory and
regulatory requirements. Of course, legal
requirements in this context are quality and
product-related requirements, not health,
safety, or environmental requirements.
A Note in clause 4.1 states that even if your
organization outsources a process, it will
still be responsible for conforming to all
customer, statutory, and regulatory
requirements.
Auditing Legal Requirements
You must first identify the applicable legal
requirements for the area to be audited. Ask
the legal staff, contract group, and audited
area itself about any process or product
legal requirements.
For the organization to meet the legal
requirements, they must have access to the
statutes and regulations. Ensure the
applicable requirements are easily available
for reference.
If the legal requirements have been
determined by the organization, see how they
monitor for any new or changed legal
requirements. Then, ask for evidence that the
organization is conforming to the
requirements.
If there is proof that legal requirements are
not being considered, then issue a
nonconformity report. If there is evidence
the organization is in violation of an
applicable legal requirement, then issue a
nonconformity report.
If you coincidently detect noncompliance with
non-quality legal requirement, e.g., a
health, safety, or environmental requirement,
it cannot be ignored - the auditee must be
informed.
According to the ISO
9001 Auditing Practices web site,
auditors should avoid commenting on the legal
requirements for the products and services of
an organization, or compliance methods, due
to liability concerns.
ISO/TS 16949:2009
The International Automotive Task Force
(IATF) announced in Certification Body (CB)
Communique 2009-10 that the automotive
quality standard, ISO/TS 16949:2009, has been
published. This IATF notice referred readers
to the CB Communique 2008-06 for ISO/TS
16949:2009 transition information:
1. No New Requirements
ISO/TS 16949:2009 introduces no new or
changed requirements. The incorporated ISO
9001:2008 standard is based on clarifications
or amendments to ISO 9001:2000 and those
intended to improve consistency with ISO
14001:2004.
2. Application
Certification Bodies and Organizations are
expected to understand and apply the
amendments in ISO/TS 16949:2009. Application
of the clarifications related to ISO
9001:2008 requirements (in the boxed text of
ISO/TS 16949:2009) is effective no later than
120 days after the release of ISO/TS
16949:2009.
3. Certification Status to ISO/TS
16949:2002
The certification status to ISO/TS 16949:2002
remains in effect for the certification life.
Certification to ISO/TS 2009 will be
recognized with the effective date of the
release of ISO/TS 16949:2009. Certification
to ISO/TS 16949:2009 is not an upgrade and
its term is the same as the current ISO/TS
16949:2002 certificate.
4. Certificates Issued to ISO/TS
16949:2009
IATF recognized certificates to ISO/TS
16949:2009 may be issued upon request by an
organization (client) after official
publication and after a regularly scheduled
surveillance audit, but are not required
until the next recertification audit.
Whittington & Associates provides training, consulting and auditing services for
management systems based on
ISO 9001, ISO/TS16949, ISO/TS 29001, TL 9000, AS9100, ASS9110, AS9120, ISO 13485,
ISO 27001, ISO 20000, and ISO 14001.
