|
|
Lunch and Learn
August 9, 2011
Phoenix, AZ
Information Security Management
Presented by Sustaining Edge Solutions, Inc.
Information and Registration
|
|
|
| Our newsletters provide information on business management systems ISO 9001, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental, and others. This includes process auditing techniques and process improvement methods Six Sigma, Lean Enterprise, and other topics of interest to our readers.
If you have any questions regarding the content or have a topic of interest for a future newsletter, please let us know.
|
|
Common Nonconformities to Avoid with AS9100C Audit
According to Robert Parsons, aerospace and defense business unit director at management system registrar, National Quality Assurance (NQA) after completing a number of audits to the AS9100C standard, the NQA, USA auditors have provided the following feedback on areas most often cited for nonconformances.
1. Failure to act on customer satisfaction data.
The AS9100C Aviation, Space and Defense Standard includes specific information that must be monitored and used for evaluating customer satisfaction data. That information at a minimum is to include product conformity, on-time delivery, customer complaints, and corrective action requests. In addition, it requires that organizations develop and implement plans for customer-satisfaction improvement that address deficiencies identified by evaluations, and assess the effectiveness of the results.
Resources for obtaining this information can include supplier rating report cards, survey data, feedback from trip reports. Often, this information is not being reviewed by the top management, there have been no actions taken to improve performance, the actions taken have not been evaluated for effectiveness, or the actions taken are ineffective.
2. Lack of understanding of the concepts of special requirements, critical items, and key characteristics.
“Special requirements” and “critical items” are terms new to the AS9100C standard, and consequently are frequently misunderstood and then misapplied. Because they are cited in sections 7.1, 7.2, 7.3, 7.5, and 8.2 of the standard, a company cannot avoid them, and therefore it is important that they are understand and addressed within the company’s current aerospace QMS. Specifically, it is important to understand the relationship between special requirements and critical items, and the application of risk when they are identified by either the customer or the organization.
3. Risk management.
There is still confusion regarding when to apply risk-management techniques and how much evidence must be shown to the third-party auditor to demonstrate the effective implementation of risk management principles.
In addition, it has been found that risk management is not implemented across all processes, contracts, supply-chain management, planning, and production processes, that there are little to no defined tools or methodologies to handle risk-based activities, and that there is a general lack of risk-mitigation plans and evidence that they have been reviewed.
4. Configuration management.
AS9100C is more specific than the outgoing AS9100B regarding configuration management, which in short is the management of change. This requirement has been moved into the standard’s Planning of Product Realization section because it must be emphasized and determined during the planning process of product realization. Determining the level of configuration management should take into account the type of organization, the nature and complexity of the product, and any contractual requirements.
5. Management responsibility and review.
NQA has observed numerous instances where performance is not meeting customers’ expectations but with little or no action by top management. It is expected that there will be commitment, involvement, and follow-up on continual-improvement initiatives, and review and evidence that action has been taken on processes that are underperforming and considered ineffective. Top management should be aware of and involved in these initiatives.
6. Ineffective internal audit processes.
In many instances, internal audits are still not process-based but instead are scheduled and audited in response to elements of the standard, not on processes carried out by the company. Additionally, it has been determined that internal auditors are not trained on process auditing, and audit programs do not include contractual or customer-specific requirements. Though process auditing was required and expected by the AS9100B standard, many companies have still not fully embraced this concept. The result is that a third-party auditor will conduct a process audit at a company that is not being audited internally using a process approach, and will come up with disastrous results.
7. Ineffective corrective-action process.
Auditors are finding a lack of containment and immediate correction, insufficient root-cause analysis, failure to fully implement actions to address the root cause, failure to follow up to determine effectiveness of actions taken, and recurring nonconformities resulting from ineffective corrective action. Though this is not specific to new requirements of the AS9100C standard, it continues to be the No. 1 cause of unsuccessful audits.
8. Failure to incorporate customer requirements.
In preparation for audits, NQA auditors will determine who the suppliers’ main customers are and will be reviewing customer requirements, evaluating the OASIS database for customer feedback, and structuring audits to evaluate the effectiveness of processes and their ability to meet customers’ requirements and expectations. There have been many instances where customer flow-down requirements are not being implemented internally, or flowed down to sub-tier suppliers.
In addition, many companies are still unaware that their customers can and do use the IAQG’s Online Aerospace Supplier Information System (OASIS) database as a vehicle to inform the certification body that the company is not meeting customers’ expectations. Consequently, your auditor may come to your facility armed with information regarding poor levels of customer satisfaction and will most certainly want to see your corrective action plan.
Preparing for an upgrade to this new standard is challenging because there are a number of new requirements, terms, and concepts to understand and implement within your new QMS.
Looking for help with your upgrade to the AS9100C Standard? Contact us for effective and proven results.
|
|
ISO 9001 Proven to Win New Business
According to data from The British Assessment Bureau’s (BAB) independent 2011 Client Satisfaction Survey, 44 percent of respondents said that they had won business as a result of becoming certified to ISO 9001, the quality management system standard from the International Organization for Standardization (ISO).
The survey, which was carried out by specialist market research organization, Lake Market Research (LMR), showed that for many organizations, the prospect of winning more work was the primary motivation for implementing the standard. When asked, 57 percent said that a client requirement motivated them to obtain certification, with 31 percent responding that winning more business was their incentive.
“Prospective clients have often mentioned that they require the [ISO 9001] standard to qualify for a particular tender,” says Fenn. “However, what we didn’t know is how many of our clients had actually won work as a direct result of achieving certification With the latest results now in, we’re delighted to confirm that certified organizations are getting the reward they deserve from implementing a robust, recognized quality management system.”
Verbatim feedback from the survey backed up the figures, with some clients suggesting that ISO 9001 carried real weight. “We have won several government contracts which we couldn’t even have attempted without ISO 9001,” says Debbie Horlock from Screenfix Windscreens. It isn’t just the government that insists on certification either. “We are starting to win new accounts that we could not have approached in the past as they insisted on having ISO 9001,” says Christian Stoneham from Masters Exhibitions & Shows.
The ISO developer and publisher of more than 18,000 international standards, commissioned its own survey in 2009 showing that more than 40,000 ISO 9001 certificates were issued in the UK in that year. With 96 percent of BAB’s clients recommending the standard to other organizations, that figure looks set to increase.
|
|
ISO Expands Work in Five Areas
The International Organization for Standardization (ISO) continues to diversify its scope with the recent addition and expansion of five work areas for standards development. These are: (1) Project, program, and portfolio management, (2) Outsourcing, (3) Human resources management, (4) Additive manufacturing, and (5) Risk management.
Project, program, and portfolio management
ISO had originally established a project committee to develop a single standard on project management (ISO/PC 236). However, recognizing that the discipline of project management is much broader than what a single standard can encompass, it was decided that a new technical committee would be created to develop additional standards in this area. The new ISO/TC 258-”Project, program, and portfolio management,” will address aspects that are not covered in the standard currently in development. The first meeting took place in June 2011 in Washington. Currently, 34 countries are involved.
Outsourcing
A new project committee ISO/PC 259, Outsourcingwill develop a standard to provide overarching guidance and terminology, enabling practitioners to harmonize principles, procedures, and vocabulary in existing and future standards. It will also improve understanding of all parties involved in outsourcing by providing a common set of practices for managing the outsourcing life cycle. It will promote interoperability and coherence, contribute to removing technical barriers to trade, and reduce transaction costs for outsourcing. The committee took place in June 2011, in Sofia, Bulgaria. Currently, 14 countries are involved.
Human resource management
A new ISO committee, ISO/TC 260, Human resource management, will develop standards for HR management, including guidelines, processes, policies, practices, services. It will promote reliable and transferable approaches to work force management in developed and emerging economies for the overall benefit for organizations and their employees. The standards will help organizations adapt to, and exploit demographic shifts that influence their access to workers.
Additive management
Additive manufacturing (AM) is an inherent part of the product development process. These additives are used to manufacture prototypes, tools, and production parts. In comparison to conventional methods where parts are molded into specified forms or cut from a massive block, AM is based on the principle that liquids, powders, and films are layered to build 3-D structures without the use of a mold. In the past, AM used in the development, modification, and use of mold-free production processes has been quite unsystematic. One of the main reasons is the unavailability of international standards. A new ISO technical committee, ISO/TC 261 Additive manufacturing will develop the much-needed standards for development and market penetration of the industry.
Risk management
In 2009, a comprehensive risk management toolbox was developed by an ISO working group. Toolbox elements included:
- ISO 31000-”Risk management-Principles and guidelines”
- ISO Guide 73-”Risk management vocabulary”
- ISO/IEC 31010-”Risk management-Risk assessment techniques”
Additive manufacturing will develop the much-needed standards for development and market penetration of the industry. ISO now has created a new project committee, ISO/PC 262, Risk management, to promote this work by developing a document that offers further guidance for implementing these standards. The document will be applicable to all organizations of all sizes and will be written using plain expressions and terminology for ease of application. Currently some 30 countries are involved.
|
|
In the News
ISO 50001 Energy Management Standard
The ISO International Standard ISO 50001 on energy management systems is an eagerly awaited event because it is estimated the standard could have a positive impact on some 60 % of the world’s energy use. ISO 50001 will provide public and private sector organizations with management strategies to increase energy efficiency, reduce costs and improve energy performance.
ISO 50001 is intended to provide organizations with a recognized framework for integrating energy performance into their management practices. Multinational organizations will have access to a single, harmonized standard for implementation across the organization with a logical and consistent methodology for identifying and implementing improvements.
The standard is intended to accomplish the following, for example:
- Assist organizations in making better use of their existing energy-consuming assets
- Assist facilities in evaluating and prioritizing the implementation of new energy-efficient technologies
- Allow integration with other organizational management systems such as environmental, and health and safety.
The standard is available now on the ISO Website.
FDA Unveils Global Strategy for Quality of Imported Products
The U.S. Food and Drug Administration (FDA) unveiled a new strategy to meet the challenges posed by rapidly rising imports of FDA-regulated products and a complex global supply chain in a report called the “Pathway to Global Product Safety and Quality.”
The FDA report calls for the agency to transform the way it conducts business and to act globally to promote and protect the health of U.S. consumers. There has been a perfect storm-more products, more manufacturers, more countries, and more access. A dramatic change in strategy must be implemented.
For more information, visit the FDA Website for the Executive Summary and to download a PDF of the full report, “Pathway to Global Product Safety and Quality.”
|
|
Turtle Diagram – Process Evaluation Tool
The starting point for effective internal auditing is to understand your organization’s existing processes. By understanding the basics of any activity through a simple process model (input-process-output) you can start looking deeper into what is happening in your organization. Six Sigma practitioners have expanded the process model to get the supplier-input-process-output-customer (SIPOC) model.
The challenge is to determine if your current processes still add value to your organization and its customers. To achieve this, we now must move to what is called the turtle diagram for individual processes. Internal auditors can create and review these diagrams for every major process in an organization. Some say that the turtle diagram is a cross between the SIPOC and a cause-and-effect diagram. This is a good analogy because the turtle diagram looks at how the process satisfies the customer (typically an internal customer at this stage).
By looking at what is really happening versus what procedures say is supposed to be happening, an evaluation can be made as to whether the process is effective in meeting the customer’s requirements.
For more information on process evaluation tools, see our June 2006 newsletter – five years old but still valuable.
|
|
Phone: 888-572-9642 toll free
|
|
|
Sustaining Edge Solutions, Inc. Newsletter
Sustaining Edge Solutions, Inc. Newsletter
